Rubyonrails : Security Vulnerabilities, CVEs, Published In 2016 (XSS)

CVE-2016-6316

Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers.
Max CVSS
6.1
EPSS Score
0.22%
Published
2016-09-07
Updated
2019-08-08

CVE-2015-7580

Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node.
Max CVSS
6.1
EPSS Score
0.26%
Published
2016-02-16
Updated
2019-08-08

CVE-2015-7579

Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class.
Max CVSS
6.1
EPSS Score
0.30%
Published
2016-02-16
Updated
2019-08-08

CVE-2015-7578

Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes.
Max CVSS
6.1
EPSS Score
0.30%
Published
2016-02-16
Updated
2019-08-08
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close