CVE-2013-1855
Rails < 2.3.17 - XSS
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.
References (10)
Scores
EPSS
0.0054
EPSS Percentile
67.2%
Details
CWE
CWE-79
Status
published
Products (50)
rubyonrails/rails
... and 40 more
Published
Mar 19, 2013
Tracked Since
Feb 18, 2026