9 matches found

OSV
added 2017/10/24 6:33 p.m. | 22 views

GHSA-R9C2-CR39-C8G6 rails-html-sanitizer Cross-site Scripting vulnerability

Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class...

CVSS 6.1 | AI score 6 | EPSS 0.02587
Exploits: 1 | References: 11
Github Security Blog
added 2017/10/24 6:33 p.m. | 25 views

rails-html-sanitizer Cross-site Scripting vulnerability

Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class...

CVSS 6.1 | AI score 5.8 | EPSS 0.02587
Exploits: 1 | References: 11 | Affected Software: 1
NVD
added 2016/02/16 2:59 a.m. | 17 views

CVE-2015-7579

Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class...

CVSS 6.1 | AI score 6.1 | EPSS 0.02587
Exploits: 1 | References: 9
UbuntuCve
added 2016/02/16 2:59 a.m. | 21 views

CVE-2015-7579

Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class...

CVSS 6.1 | AI score 6.7 | EPSS 0.02587
Exploits: 1 | References: 2
Cvelist
added 2016/02/16 2:0 a.m. | 27 views

CVE-2015-7579

Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class...

AI score 5.5 | EPSS 0.02587
Exploits: 1 | References: 9
Debian CVE
added 2016/02/16 2:0 a.m. | 25 views

CVE-2015-7579

Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class...

CVSS 6.1 | AI score 5.8 | EPSS 0.02587
Exploits: 1
seebug.org
added 2016/01/27 12:0 a.m. | 39 views

Ruby on Rails rails-html-sanitizer XSS vulnerability

XSS vulnerability in rails-html-sanitizer. There is an XSS vulnerability in Rails::Html::FullSanitizer used by Action View's strip_tags. This vulnerability has been assigned the CVE identifier CVE-2015-7579. Versions Affected: 1.0.2. Not affected: 1.0.0, 1.0.1. Fixed Versions: 1.0.3. Impact: Due to the...

CVSS 4.3 | AI score 5.9 | EPSS 0.02587
Exploits: 1
RubySec
added 2016/01/25 12:0 a.m. | 35 views

XSS vulnerability in rails-html-sanitizer

There is an XSS vulnerability in Rails::Html::FullSanitizer used by Action View's strip_tags. This vulnerability has been assigned the CVE identifier CVE-2015-7579. Versions Affected: 1.0.2. Not affected: 1.0.0, 1.0.1. Fixed Versions: 1.0.3. Impact: Due to the way that Rails::Html::FullSanitizer...

CVSS 6.1 | AI score 0.4 | EPSS 0.02587
Exploits: 1 | References: 1 | Affected Software: 1
Hacker One
added 2015/08/09 11:32 a.m. | 32 views

Ruby on Rails: [Rails42] We can inject HTML tags when server is using strip_tags method

XSS vulnerability in rails-html-sanitizer. There is an XSS vulnerability in Rails::Html::FullSanitizer used by Action View's strip_tags. This vulnerability has been assigned the CVE identifier CVE-2015-7579. Versions Affected: 1.0.2. Not affected: 1.0.0, 1.0.1. Fixed Versions: 1.0.3. Impact: Due ...

CVSS 4.3 | AI score 5.7 | EPSS 0.02587
Exploits: 1