Lucene search
K

15 matches found

Tenable Nessus
Tenable Nessus
added 2018/12/06 12:0 a.m.39 views

RHEL 6 : rubygem-actionpack and ruby193-rubygem-actionpack (RHSA-2013:0698)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0698 advisory. Ruby on Rails is a modelviewcontroller MVC framework for web application development. Action Pack implements the controller and the view...

4.3CVSS6.9AI score0.0264EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.35 views

openSUSE Security Update : rubygem-actionpack-2_3 (openSUSE-SU-2013:0662-1)

Changes in rubygem-actionpack-23 : - add 2 patches to fix security issues : - bug-8099352-3-csssanitize.patch: CVE-2013-1855: rubygem-actionpack: XSS vulnerability in sanitizecss in Action Pack bnc809935 - bug-8099402-3-sanitizeprotocol.patch: CVE-2013-1857: rubygem-actionpack: XSS Vulnerability ...

4.3CVSS7.1AI score0.0264EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2013/04/12 12:0 a.m.43 views

FreeBSD : rubygem-rails -- multiple vulnerabilities (db0c4b00-a24c-11e2-9601-000d601460a4)

Ruby on Rails team reports : Rails versions 3.2.13 has been released. This release contains important security fixes. It is recommended users upgrade as soon as possible. Four vulnerabilities have been discovered and fixed : - CVE-2013-1854 Symbol DoS vulnerability in Active Record - CVE-2013-185...

5.8CVSS7AI score0.03438EPSS
Exploits2References9
OpenVAS
OpenVAS
added 2013/04/02 12:0 a.m.36 views

Fedora Update for rubygem-actionpack FEDORA-2013-4199

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

6.4CVSS7.8AI score0.05673EPSS
Exploits8References2
OpenVAS
OpenVAS
added 2013/04/02 12:0 a.m.37 views

Fedora Update for rubygem-actionpack FEDORA-2013-4214

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

4.3CVSS7.8AI score0.0264EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2013/04/01 12:0 a.m.41 views

Fedora 18 : rubygem-actionpack-3.2.8-3.fc18 (2013-4214)

Fix for CVE-2013-1855 and CVE-2013-1857. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...

4.3CVSS7.2AI score0.0264EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2013/04/01 12:0 a.m.47 views

Fedora 17 : rubygem-actionpack-3.0.11-9.fc17 (2013-4199)

Fix for CVE-2013-1855 and CVE-2013-1857. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...

4.3CVSS7.2AI score0.0264EPSS
Exploits1References5
Debian
Debian
added 2013/03/28 4:15 p.m.44 views

[SECURITY] [DSA 2655-1] rails security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2655-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 28, 2013 http://www.debian.org/security/faq -...

5CVSS7.1AI score0.03438EPSS
Exploits2
seebug.org
seebug.org
added 2013/03/20 12:0 a.m.63 views

Ruby on Rails 'sanitize_css()'方法跨站脚本漏洞(CVE-2013-1855)

BUGTRAQ ID: 58552 CVECAN ID: CVE-2013-1855 Ruby on Rails简称RoR或Rails,是一个使用Ruby语言写的开源Web应用框架,它是严格按照MVC结构开发的。 Ruby on Rails 2.3.18, 3.1.12, 3.2.13之前版本在Action Pack内的sanitizecss中存在XSS漏洞,特制的文本可以绕过sanitizecss方法提供的过滤,攻击者可利用此漏洞在浏览器中执行任意脚本代码。 0 Ruby on Rails 3.x Ruby on Rails 2.x 临时解决方法:...

4.3CVSS0.0264EPSS
Exploits1
OSV
OSV
added 2013/03/19 10:55 p.m.5 views

CVE-2013-1855

The sanitizecss method in lib/actioncontroller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n newline characters, which makes it easier for remote attackers to...

5.5AI score
Exploits0References10
NVD
NVD
added 2013/03/19 10:55 p.m.14 views

CVE-2013-1855

The sanitizecss method in lib/actioncontroller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n newline characters, which makes it easier for remote attackers to...

4.3CVSS5.6AI score0.0264EPSS
Exploits1References10
Cvelist
Cvelist
added 2013/03/19 10:0 p.m.39 views

CVE-2013-1855

The sanitizecss method in lib/actioncontroller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n newline characters, which makes it easier for remote attackers to...

5.4AI score0.0264EPSS
Exploits1References10
CVE
CVE
added 2013/03/19 10:0 p.m.136 views

CVE-2013-1855

The CVE-2013-1855 entry concerns a cross-site scripting flaw in Rails’ Action Pack sanitize_css in lib/action_controller/vendor/html-scanner/html/sanitizer.rb. The issue arises from improper handling of newline characters in CSS token sequences, enabling remote XSS via crafted CSS. Affected Rails...

4.3CVSS5.5AI score0.0264EPSS
Exploits1References10Affected Software1
Debian CVE
Debian CVE
added 2013/03/19 10:0 p.m.53 views

CVE-2013-1855

The sanitizecss method in lib/actioncontroller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n newline characters, which makes it easier for remote attackers to...

4.3CVSS5.5AI score0.0264EPSS
Exploits1
RubySec
RubySec
added 2013/03/19 12:0 a.m.33 views

CVE-2013-1855 rubygem-actionpack: css_sanitization: XSS vulnerability in sanitize_css

The sanitizecss method in lib/actioncontroller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n newline characters, which makes it easier for remote attackers to...

4.3CVSS2.2AI score0.0264EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder