2 matches found
CVE-2015-7580
Cross-site scripting XSS vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node...
CVE-2015-7580
The CVE-2015-7580 entry describes an XSS vulnerability in the rails-html-sanitizer gem prior to 1.0.3 used with Ruby on Rails 4.2.x and 5.x. The issue arises in lib/rails/html/scrubbers.rb where a crafted CDATA node can inject arbitrary script/HTML. Affected component: rails-html-sanitizer (Ruby ...