Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2013-1855

Опубликовано: 18 мар. 2013
Источник: redhat
CVSS2: 4.3
EPSS Низкий

Описание

The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.

A cross-site scripting (XSS) flaw was found in Action Pack. A remote attacker could use this flaw to conduct XSS attacks against users of an application using Action Pack.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat CloudForms Tools 1rubygem-actionpackWill not fix
Red Hat Satellite 6ruby193-rubygem-actionpackAffected
Red Hat Subscription Asset Manager 1.4katelloFixedRHSA-2014:186317.11.2014
Red Hat Subscription Asset Manager 1.4ruby193-rubygem-actionmailerFixedRHSA-2014:186317.11.2014
Red Hat Subscription Asset Manager 1.4ruby193-rubygem-actionpackFixedRHSA-2014:186317.11.2014
Red Hat Subscription Asset Manager 1.4ruby193-rubygem-activemodelFixedRHSA-2014:186317.11.2014
Red Hat Subscription Asset Manager 1.4ruby193-rubygem-activerecordFixedRHSA-2014:186317.11.2014
Red Hat Subscription Asset Manager 1.4ruby193-rubygem-activeresourceFixedRHSA-2014:186317.11.2014
Red Hat Subscription Asset Manager 1.4ruby193-rubygem-activesupportFixedRHSA-2014:186317.11.2014
Red Hat Subscription Asset Manager 1.4ruby193-rubygem-i18nFixedRHSA-2014:186317.11.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=921331rubygem-actionpack: css_sanitization: XSS vulnerability in sanitize_css

EPSS

Процентиль: 67%
0.00536
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2013-1855

ubuntu
почти 13 лет назад

The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.

nvd логотип

CVE-2013-1855

nvd
почти 13 лет назад

The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.

debian логотип

CVE-2013-1855

debian
почти 13 лет назад

The sanitize_css method in lib/action_controller/vendor/html-scanner/h ...

github логотип

GHSA-q759-hwvc-m3jg

github
больше 8 лет назад

actionpack Cross-site Scripting vulnerability

EPSS

Процентиль: 67%
0.00536
Низкий

4.3 Medium

CVSS2