Lucene search

[email protected]NVD:CVE-2015-7580

HistoryFeb 16, 2016 - 2:59 a.m.

CVE-2015-7580

2016-02-1602:59:03

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.003

Percentile

65.6%

JSON

Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node.

Affected configurations

Nvd

Node

rubyonrailshtml_sanitizerRange≤1.0.2ruby

AND

rubyonrailsrailsMatch4.2.0

rubyonrailsrailsMatch4.2.0beta1

rubyonrailsrailsMatch4.2.0beta2

rubyonrailsrailsMatch4.2.0beta3

rubyonrailsrailsMatch4.2.0beta4

rubyonrailsrailsMatch4.2.0rc1

rubyonrailsrailsMatch4.2.0rc2

rubyonrailsrailsMatch4.2.0rc3

rubyonrailsrailsMatch4.2.1

rubyonrailsrailsMatch4.2.1rc1

rubyonrailsrailsMatch4.2.1rc2

rubyonrailsrailsMatch4.2.1rc3

rubyonrailsrailsMatch4.2.1rc4

rubyonrailsrailsMatch4.2.2

rubyonrailsrailsMatch4.2.3

rubyonrailsrailsMatch4.2.3rc1

rubyonrailsrailsMatch4.2.4

rubyonrailsrailsMatch4.2.4rc1

rubyonrailsrailsMatch4.2.5

rubyonrailsrailsMatch4.2.5rc1

rubyonrailsrailsMatch4.2.5rc2

rubyonrailsrailsMatch4.2.5.1

rubyonrailsrailsMatch4.2.5.2

rubyonrailsrailsMatch4.2.6rc1

rubyonrailsrailsMatch5.0.0beta1

rubyonrailsrailsMatch5.0.0beta1.1

rubyonrailsrailsMatch5.0.0beta2

rubyonrailsrailsMatch5.0.0beta3

VendorProductVersionCPE
rubyonrailshtml_sanitizer*cpe:2.3:a:rubyonrails:html_sanitizer:*:*:*:*:*:ruby:*:*
rubyonrailsrails4.2.0cpe:2.3:a:rubyonrails:rails:4.2.0:*:*:*:*:*:*:*
rubyonrailsrails4.2.0cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*
rubyonrailsrails4.2.0cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*
rubyonrailsrails4.2.0cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*
rubyonrailsrails4.2.0cpe:2.3:a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*
rubyonrailsrails4.2.0cpe:2.3:a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*
rubyonrailsrails4.2.0cpe:2.3:a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*
rubyonrailsrails4.2.0cpe:2.3:a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*
rubyonrailsrails4.2.1cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rubyonrails	html_sanitizer	*	cpe:2.3:a:rubyonrails:html_sanitizer::::::ruby::*
rubyonrails	rails	4.2.0	cpe:2.3:a:rubyonrails:rails:4.2.0:::::::*
rubyonrails	rails	4.2.0	cpe:2.3:a:rubyonrails:rails:4.2.0:beta1::::::
rubyonrails	rails	4.2.0	cpe:2.3:a:rubyonrails:rails:4.2.0:beta2::::::
rubyonrails	rails	4.2.0	cpe:2.3:a:rubyonrails:rails:4.2.0:beta3::::::
rubyonrails	rails	4.2.0	cpe:2.3:a:rubyonrails:rails:4.2.0:beta4::::::
rubyonrails	rails	4.2.0	cpe:2.3:a:rubyonrails:rails:4.2.0:rc1::::::
rubyonrails	rails	4.2.0	cpe:2.3:a:rubyonrails:rails:4.2.0:rc2::::::
rubyonrails	rails	4.2.0	cpe:2.3:a:rubyonrails:rails:4.2.0:rc3::::::
rubyonrails	rails	4.2.1	cpe:2.3:a:rubyonrails:rails:4.2.1:::::::*