Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node.
References
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2016-02-15 18:59
Updated : 2019-08-08 08:16
NVD link : CVE-2015-7580
Mitre link : CVE-2015-7580
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
rubyonrails
- rails
- html_sanitizer