Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rubygemsRubySecRUBY:RAILS-HTML-SANITIZER-2015-7578
HistoryJan 24, 2016 - 9:00 p.m.

Possible XSS vulnerability in rails-html-sanitizer

2016-01-2421:00:00
RubySec
rubysec.com
8
JSON

There is a possible XSS vulnerability in rails-html-sanitizer. This
vulnerability has been assigned the CVE identifier CVE-2015-7578.

Versions Affected: All.
Not affected: None.
Fixed Versions: 1.0.3

Impact

There is a possible XSS vulnerability in rails-html-sanitizer. Certain
attributes are not removed from tags when they are sanitized, and these
attributes can lead to an XSS attack on target applications.

All users running an affected release should either upgrade or use one of the
workarounds immediately.

Releases

The FIXED releases are available at the normal locations.

Workarounds

There are no feasible workarounds for this issue.

Patches

To aid users who aren’t able to upgrade immediately we have provided patches for
the two supported release series. They are in git-am format and consist of a
single changeset.

  • 1-0-sanitize_data_attributes.patch - Patch for 1.0 series

Credits

Thanks to Ben Murphy and Marien for reporting this.

CPENameOperatorVersion
rails-html-sanitizerlt1.0.3

Related

github 1
cvelist 1
prion 1
cve 1
osv 1
debiancve 1
hackerone 1
ubuntucve 1
openvas 4
fedora 2
nessus 3
suse 3
github
github
rails-html-sanitizer Cross-site Scripting vulnerability
2017-10-24 18:33:36
cvelist
cvelist
CVE-2015-7578
2016-02-16 02:00:00
prion
prion
Cross site scripting
2016-02-16 02:59:00
cve
cve
CVE-2015-7578
2016-02-16 02:59:00
osv
osv
rails-html-sanitizer Cross-site Scripting vulnerability
2017-10-24 18:33:36
debiancve
debiancve
CVE-2015-7578
2016-02-16 02:59:00
hackerone
hackerone
Ruby on Rails: Data-Tags and the New HTML Sanitizer Subverts CSRF protection
2015-01-07 00:38:28
ubuntucve
ubuntucve
CVE-2015-7578
2016-02-16 00:00:00
openvas
openvas
openSUSE: Security Advisory for rubygem-rails-html-sanitizer (openSUSE-SU-2016:0356-1)
2016-02-08 00:00:00
Fedora Update for rubygem-rails-html-sanitizer FEDORA-2016-3
2016-02-29 00:00:00
Fedora Update for rubygem-rails-html-sanitizer FEDORA-2016-59
2016-02-29 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: rubygem-rails-html-sanitizer-1.0.1-2.fc22
2016-02-28 08:31:19
[SECURITY] Fedora 23 Update: rubygem-rails-html-sanitizer-1.0.3-1.fc23
2016-02-28 12:28:41
nessus
nessus
Fedora 23 : rubygem-rails-html-sanitizer-1.0.3-1.fc23 (2016-59ce8b61dd)
2016-03-04 00:00:00
Fedora 22 : rubygem-rails-html-sanitizer-1.0.1-2.fc22 (2016-3a2606f993)
2016-03-04 00:00:00
openSUSE Security Update : rubygem-rails-html-sanitizer (openSUSE-2016-148)
2016-02-08 00:00:00
suse
suse
Security update for rubygem-rails-html-sanitizer (important)
2016-02-07 17:11:11
Security update for rubygem-rails-html-sanitizer (important)
2016-02-09 14:12:34
Security update for portus (important)
2016-04-25 20:07:56
JSON
Related for RUBY:RAILS-HTML-SANITIZER-2015-7578
github1cvelist1prion1cve1osv1debiancve1hackerone1ubuntucve1openvas4fedora2nessus3suse3