Published: 16/02/2016 Updated: 08/08/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote malicious users to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class.

Affected Products

Vendor       Product         Versions
Rubyonrails  Html Sanitizer  1.0.2

Vendor Advisories

Debian Bug report logs - #812814 CVE-2015-7578 CVE-2015-7579 CVE-2015-7580 Package: ruby-rails-html-sanitizer; Maintainer for ruby-rails-html-sanitizer is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Source for ruby-rails-html-sanitizer is src:ruby-rails-html-sanitizer (PTS, buildd, popcon) ...