The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails prior to 2.3.18, 3.0.x and 3.1.x prior to 3.1.12, and 3.2.x prior to 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote malicious users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.
Vulnerable Product |
---|
rubyonrails rails 3.2.0 |
rubyonrails rails 3.2.7 |
rubyonrails rails 3.2.8 |
rubyonrails rails 3.2.9 |
rubyonrails rails 3.2.1 |
rubyonrails rails 3.2.5 |
rubyonrails rails 3.2.6 |
rubyonrails rails 3.2.10 |
rubyonrails rails 3.2.11 |
rubyonrails rails 3.2.12 |
rubyonrails rails 3.2.2 |
rubyonrails rails 3.2.3 |
rubyonrails rails 3.2.4 |
rubyonrails ruby on rails 0.8.0 |
rubyonrails ruby on rails 0.5.7 |
rubyonrails ruby on rails 0.7.0 |
rubyonrails ruby on rails |
rubyonrails rails 1.2.4 |
rubyonrails ruby on rails 0.8.5 |
rubyonrails ruby on rails 0.6.0 |
rubyonrails ruby on rails 0.5.6 |
rubyonrails ruby on rails 0.9.0 |
rubyonrails ruby on rails 0.5.5 |
rubyonrails ruby on rails 0.5.0 |
rubyonrails ruby on rails 0.6.5 |
rubyonrails rails 0.9.1 |
rubyonrails rails 0.9.2 |
rubyonrails rails 0.9.3 |
rubyonrails rails 0.9.4 |
rubyonrails rails 0.9.4.1 |
rubyonrails rails 0.10.0 |
rubyonrails rails 0.10.1 |
rubyonrails rails 0.11.0 |
rubyonrails rails 0.11.1 |
rubyonrails rails 0.12.0 |
rubyonrails rails 0.12.1 |
rubyonrails rails 0.13.0 |
rubyonrails rails 0.13.1 |
rubyonrails rails 0.14.1 |
rubyonrails rails 0.14.2 |
rubyonrails rails 0.14.3 |
rubyonrails rails 0.14.4 |
rubyonrails rails 1.0.0 |
rubyonrails rails 1.1.1 |
rubyonrails rails 1.1.2 |
rubyonrails rails 1.1.3 |
rubyonrails rails 1.1.4 |
rubyonrails rails 1.1.5 |
rubyonrails rails 1.1.6 |
rubyonrails rails 1.2.1 |
rubyonrails rails 1.2.2 |
rubyonrails rails 1.2.3 |
rubyonrails rails 1.2.5 |
rubyonrails rails 1.2.6 |
rubyonrails rails 1.9.5 |
rubyonrails rails 1.1.0 |
rubyonrails rails 1.2.0 |
rubyonrails rails 2.0.1 |
rubyonrails rails 2.0.2 |
rubyonrails rails 2.0.4 |
rubyonrails rails 2.1.0 |
rubyonrails rails 2.1.1 |
rubyonrails rails 2.1.2 |
rubyonrails rails 2.2.0 |
rubyonrails rails 2.2.1 |
rubyonrails rails 2.2.2 |
rubyonrails rails 2.3.0 |
rubyonrails rails 2.3.1 |
rubyonrails rails 2.3.2 |
rubyonrails rails 2.3.3 |
rubyonrails rails 2.3.4 |
rubyonrails rails 2.3.9 |
rubyonrails rails 2.3.10 |
rubyonrails rails 2.3.11 |
rubyonrails rails 2.3.12 |
rubyonrails rails 2.3.13 |
rubyonrails rails 2.3.14 |
rubyonrails rails 2.3.15 |
rubyonrails rails 2.3.16 |
rubyonrails rails 2.0.0 |
rubyonrails ruby on rails 3.0.4 |
rubyonrails rails 3.0.0 |
rubyonrails rails 3.0.1 |
rubyonrails rails 3.0.2 |
rubyonrails rails 3.0.10 |
rubyonrails rails 3.0.12 |
rubyonrails rails 3.0.13 |
rubyonrails rails 3.0.3 |
rubyonrails rails 3.0.11 |
rubyonrails rails 3.0.14 |
rubyonrails rails 3.0.16 |
rubyonrails rails 3.0.17 |
rubyonrails rails 3.0.18 |
rubyonrails rails 3.0.19 |
rubyonrails rails 3.0.20 |
rubyonrails rails 3.0.4 |
rubyonrails rails 3.0.5 |
rubyonrails rails 3.0.6 |
rubyonrails rails 3.0.7 |
rubyonrails rails 3.0.8 |
rubyonrails rails 3.0.9 |
rubyonrails ruby on rails 3.1.11 |
rubyonrails rails 3.1.0 |
rubyonrails rails 3.1.1 |
rubyonrails rails 3.1.2 |
rubyonrails rails 3.1.4 |
rubyonrails rails 3.1.5 |
rubyonrails rails 3.1.3 |
rubyonrails rails 3.1.6 |
rubyonrails rails 3.1.7 |
rubyonrails rails 3.1.8 |
rubyonrails rails 3.1.9 |
rubyonrails rails 3.1.10 |
redhat enterprise linux 6.0 |