13 matches found

OpenVAS
added 2021/06/09 12:0 a.m. | 23 views

SUSE: Security Advisory (SUSE-SU-2016:1146-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 6.7 | EPSS 0.95537
Exploits: 19 | References: 4
Tenable Nessus
added 2016/03/04 12:0 a.m. | 25 views

Fedora 23 : rubygem-rails-html-sanitizer-1.0.3-1.fc23 (2016-59ce8b61dd)

Security fix for CVE-2015-7578 CVE-2015-7579 CVE-2015-7580 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

CVSS 6.1 | AI score 6.5 | EPSS 0.02587
Exploits: 1 | References: 5
Tenable Nessus
added 2016/03/04 12:0 a.m. | 37 views

Fedora 22 : rubygem-rails-html-sanitizer-1.0.1-2.fc22 (2016-3a2606f993)

Security fix for CVE-2015-7578 CVE-2015-7579 CVE-2015-7580 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...

CVSS 6.1 | AI score 6.5 | EPSS 0.02587
Exploits: 1 | References: 5
OpenVAS
added 2016/02/29 12:0 a.m. | 24 views

Fedora Update for rubygem-rails-html-sanitizer FEDORA-2016-59

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.1 | AI score 6.5 | EPSS 0.02587
Exploits: 1 | References: 2
UbuntuCve
added 2016/02/16 2:59 a.m. | 21 views

CVE-2015-7579

Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class...

CVSS 6.1 | AI score 6.7 | EPSS 0.02587
Exploits: 1 | References: 2
CVE
added 2016/02/16 2:0 a.m. | 79 views

CVE-2015-7579

The CVE-2015-7579 entry concerns an XSS vulnerability in the rails-html-sanitizer gem 1.0.2 used with Ruby on Rails 4.2.x and 5.x. The issue arises from how an HTML entity is mishandled by the Rails::Html::FullSanitizer class, allowing remote attackers to inject arbitrary web script or HTML. The ...

CVSS 6.1 | AI score 5.5 | EPSS 0.02587
Exploits: 1 | References: 9 | Affected Software: 1
Cvelist
added 2016/02/16 2:0 a.m. | 27 views

CVE-2015-7579

Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class...

AI score 5.5 | EPSS 0.02587
Exploits: 1 | References: 9
Tenable Nessus
added 2016/02/08 12:0 a.m. | 26 views

openSUSE Security Update : rubygem-rails-html-sanitizer (openSUSE-2016-148)

This update for rubygem-rails-html-sanitizer fixes the following issues : - CVE-2015-7579: XSS vulnerability in rails-html-sanitizer bsc963327 - CVE-2015-7578: XSS vulnerability via attributes bsc963326 - CVE-2015-7580: XSS via whitelist sanitizer bsc963328 %NASLMINLEVEL 70300 C Tenable Network...

CVSS 6.1 | AI score 6.4 | EPSS 0.02587
Exploits: 1 | References: 6
OpenVAS
added 2016/02/08 12:0 a.m. | 25 views

openSUSE: Security Advisory for rubygem-rails-html-sanitizer (openSUSE-SU-2016:0356-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.1 | AI score 6.4 | EPSS 0.02587
Exploits: 1 | References: 1
OPENSUSE Linux
added 2016/02/07 5:11 p.m. | 58 views

Security update for rubygem-rails-html-sanitizer (important)

This update for rubygem-rails-html-sanitizer fixes the following issues: - CVE-2015-7579: XSS vulnerability in rails-html-sanitizer bsc963327 - CVE-2015-7578: XSS vulnerability via attributes bsc963326 - CVE-2015-7580: XSS via whitelist sanitizer bsc963328...

CVSS 4.3 | AI score 3 | EPSS 0.02587
Exploits: 1 | References: 3
seebug.org
added 2016/01/27 12:0 a.m. | 39 views

Ruby on Rails rails-html-sanitizer XSS vulnerability

XSS vulnerability in rails-html-sanitizer There is a XSS vulnerability in Rails::Html::FullSanitizer used by Action View's striptags. This vulnerability has been assigned the CVE identifier CVE-2015-7579. Versions Affected: 1.0.2 Not affected: 1.0.0, 1.0.1 Fixed Versions: 1.0.3 Impact Due to the...

CVSS 4.3 | AI score 5.9 | EPSS 0.02587
Exploits: 1
RubySec
added 2016/01/25 12:0 a.m. | 34 views

XSS vulnerability in rails-html-sanitizer

There is a XSS vulnerability in Rails::Html::FullSanitizer used by Action View's striptags. This vulnerability has been assigned the CVE identifier CVE-2015-7579. Versions Affected: 1.0.2 Not affected: 1.0.0, 1.0.1 Fixed Versions: 1.0.3 Impact ------ Due to the way that Rails::Html::FullSanitizer...

CVSS 6.1 | AI score 0.4 | EPSS 0.02587
Exploits: 1 | References: 1 | Affected Software: 1
Hacker One
added 2015/08/09 11:32 a.m. | 31 views

Ruby on Rails: [Rails42] We can inject HTML tags when server is using strip_tags method

XSS vulnerability in rails-html-sanitizer There is a XSS vulnerability in Rails::Html::FullSanitizer used by Action View's striptags. This vulnerability has been assigned the CVE identifier CVE-2015-7579. Versions Affected: 1.0.2 Not affected: 1.0.0, 1.0.1 Fixed Versions: 1.0.3 Impact ------ Due ...

CVSS 4.3 | AI score 5.7 | EPSS 0.02587
Exploits: 1