3 matches found
rubygem-actionpack: css_sanitization: XSS vulnerability in sanitize_css
A cross-site scripting (XSS) flaw was found in Action Pack. A remote attacker could use this flaw to conduct XSS attacks against users of an application using Action Pack...
DEBIAN-CVE-2013-1855
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to...
PT-2013-3433 · Ruby +1 · Ruby On Rails +1
Name of the Vulnerable Software and Affected Versions: Ruby on Rails versions prior to 2.3.18; Ruby on Rails versions 3.0.x through 3.1.11; Ruby on Rails versions 3.2.x through 3.2.12. Description: The issue arises from the sanitize_css method in the Action Pack component, which fails to properly...