CVE-2015-7579
16.02.2016, 02:59
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class.
| Vendor | Product | Version |
|---|---|---|
| rubyonrails | html_sanitizer | 𝑥 ≤ 1.0.2 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
References