PT-2016-3815 · Ruby+1 · Rails-Html-Sanitizer+2

Ben Murphy

Publicado

2016-02-07

Atualizado

2026-03-13

CVE-2015-7578

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions rails-html-sanitizer gem versions prior to 1.0.3 Ruby on Rails versions 4.2.x and 5.x

Description The issue allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes, which can lead to cross-site scripting (XSS) attacks. This occurs due to a vulnerability in the rails-html-sanitizer gem.

Recommendations For rails-html-sanitizer gem versions prior to 1.0.3, update to version 1.0.3 or later to resolve the issue. For Ruby on Rails versions 4.2.x and 5.x, ensure the rails-html-sanitizer gem is updated to version 1.0.3 or later to mitigate the risk of XSS attacks.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2015-7578

GHSA-59C7-4XJ2-HGVW

GHSA-QC8J-M8J3-RJQ6

OPENSUSE-SU-2016_0356-1

OPENSUSE-SU-2024:10189-1

OPENSUSE-SU-2024:11349-1

OPENSUSE-SU-2024:12145-1

OPENSUSE-SU-2024:13137-1

OPENSUSE-SU-2024:14175-1

OPENSUSE-SU-2025:15125-1

OPENSUSE-SU-2026:10361-1

SUSE-SU-2016:0391-1

SUSE-SU-2016:1146-1

Produtos afetados

Ruby On Rails

Suse

Rails-Html-Sanitizer

PT-2016-3815 · Ruby+1 · Rails-Html-Sanitizer+2

CVE-2015-7578

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 58