XSS in Rubyonrails Rails

CVE-2013-1857

The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colo…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.006 (70.6th percentile) — read the EPSS interpretation.

Affected products

Rubyonrails Rails — versions 0.9.1, 0.9.2, 0.9.3
Rubyonrails Ruby_on_rails — versions 0.5.0, 0.5.5, 0.5.6
Redhat Enterprise_linux — versions 6.0
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

APPLE-SA-2013-10-22-5 (vendor-advisory, x_refsource_APPLE)
openSUSE-SU-2014:0019 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2013:0662 (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM)
RHSA-2013:0698 (x_refsource_REDHAT, vendor-advisory)
APPLE-SA-2013-06-04-1 (vendor-advisory, x_refsource_APPLE)
openSUSE-SU-2013:0661 (vendor-advisory, x_refsource_SUSE)
[rubyonrails-security] 20130318 [CVE-2013-1857] XSS Vulnerability in the `sanitize` helper of Ruby on Rails (mailing-list, x_refsource_MLIST)
RHSA-2014:1863 (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)