CVE-2013-1855
Last modified
CVE-2013-1855 is a vulnerability of currently unknown severity. The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.. EPSS estimates a 2.62% chance of exploitation in the next 30 days.
Description
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Rubyonrails | Rails | 3.2.0 | — |
| Rubyonrails | Rails | 3.2.1 | — |
| Rubyonrails | Rails | 3.2.2 | — |
| Rubyonrails | Rails | 3.2.3 | — |
| Rubyonrails | Rails | 3.2.4 | — |
| Rubyonrails | Rails | 3.2.5 | — |
| Rubyonrails | Rails | 3.2.6 | — |
| Rubyonrails | Rails | 3.2.7 | — |
| Rubyonrails | Rails | 3.2.8 | — |
| Rubyonrails | Rails | 3.2.9 | — |
| Rubyonrails | Rails | 3.2.10 | — |
| Rubyonrails | Rails | 3.2.11 | — |
| Rubyonrails | Rails | 3.2.12 | — |
| Rubyonrails | Rails | 0.9.1 | — |
| Rubyonrails | Rails | 0.9.2 | — |
| Rubyonrails | Rails | 0.9.3 | — |
| Rubyonrails | Rails | 0.9.4 | — |
| Rubyonrails | Rails | 0.9.4.1 | — |
| Rubyonrails | Rails | 0.10.0 | — |
| Rubyonrails | Rails | 0.10.1 | — |
| Rubyonrails | Rails | 0.11.0 | — |
| Rubyonrails | Rails | 0.11.1 | — |
| Rubyonrails | Rails | 0.12.0 | — |
| Rubyonrails | Rails | 0.12.1 | — |
| Rubyonrails | Rails | 0.13.0 | — |
| Rubyonrails | Rails | 0.13.1 | — |
| Rubyonrails | Rails | 0.14.1 | — |
| Rubyonrails | Rails | 0.14.2 | — |
| Rubyonrails | Rails | 0.14.3 | — |
| Rubyonrails | Rails | 0.14.4 | — |
| Rubyonrails | Rails | 1.0.0 | — |
| Rubyonrails | Rails | 1.1.0 | — |
| Rubyonrails | Rails | 1.1.1 | — |
| Rubyonrails | Rails | 1.1.2 | — |
| Rubyonrails | Rails | 1.1.3 | — |
| Rubyonrails | Rails | 1.1.4 | — |
| Rubyonrails | Rails | 1.1.5 | — |
| Rubyonrails | Rails | 1.1.6 | — |
| Rubyonrails | Rails | 1.2.0 | — |
| Rubyonrails | Rails | 1.2.1 | — |
| Rubyonrails | Rails | 1.2.2 | — |
| Rubyonrails | Rails | 1.2.3 | — |
| Rubyonrails | Rails | 1.2.4 | — |
| Rubyonrails | Rails | 1.2.5 | — |
| Rubyonrails | Rails | 1.2.6 | — |
| Rubyonrails | Rails | 1.9.5 | — |
| Rubyonrails | Rails | 2.0.0 | — |
| Rubyonrails | Rails | 2.0.1 | — |
| Rubyonrails | Rails | 2.0.2 | — |
| Rubyonrails | Rails | 2.0.4 | — |
Showing 50 of 114 affected configurations. See NVD for the full list.
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2013-1855?
How severe is CVE-2013-1855?
How do I fix CVE-2013-1855?
Are you affected by CVE-2013-1855?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST