CVE-2013-1855
Ruby on Rails < 2.3.18, 3.0.x-3.1.x < 3.1.12, 3.2.x < 3.2.13 - Cross-Site Scripting via CSS Token Sequence
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.
References (10)
Mailing List (x_refsource_mlist): https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain
Vendor Advisory (x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2013-0698.html
Vendor Advisory (x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2014-1863.html
Mailing List, vendor advisory (x_refsource_suse): http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html
Mailing List, vendor advisory (x_refsource_suse): http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html
Various Sources (x_refsource_confirm): http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/
Mailing List, vendor advisory (x_refsource_apple): http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
Mailing List, vendor advisory (x_refsource_suse): http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html
Vendor Advisory (x_refsource_confirm): http://support.apple.com/kb/HT5784
Mailing List, vendor advisory (x_refsource_apple): http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
Scores
EPSS: 0.0054
EPSS Percentile: 67.6%
Details
CWE: CWE-79
Status: published
Products (44)
redhat/enterprise_linux 6.0
rubygems/actionpack 0 - 2.3.18 (RubyGems)
rubyonrails/rails 3.2.0 (3 CPE variants)
rubyonrails/rails 3.2.1
rubyonrails/rails 3.2.2 (2 CPE variants)
rubyonrails/rails 3.2.3 (3 CPE variants)
rubyonrails/rails 3.2.4 (2 CPE variants)
rubyonrails/rails 3.2.5
rubyonrails/rails 3.2.6
rubyonrails/rails 3.2.7
... and 34 more
Published: Mar 19, 2013
Tracked Since: Feb 18, 2026