CVE-2015-7578

Published: Feb 16, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

FEDORA-2016-3a2606f993

vendor-advisory

x_refsource_FEDORA

[oss-security] 20160125 [CVE-2015-7578] Possible XSS vulnerability in rails-html-sanitizer

mailing-list

x_refsource_MLIST

SUSE-SU-2016:1146

vendor-advisory

x_refsource_SUSE

https://github.com/rails/rails-html-sanitizer/commit/297161e29a3e11186ce4c02bf7defc088bf544d4

x_refsource_CONFIRM

1034816

vdb-entry

x_refsource_SECTRACK

[ruby-security-ann] 20160125 [CVE-2015-7578] Possible XSS vulnerability in rails-html-sanitizer

mailing-list

x_refsource_MLIST

FEDORA-2016-59ce8b61dd

vendor-advisory

x_refsource_FEDORA

SUSE-SU-2016:0391

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2016:0356

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2015-7578

Description

Affected Products

References