CVE-2015-7580
Published 2016-02-16
Priority: P4 (medium). CVSS 3.0 base score 6.1.
CVSS 3.0 vector: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 2.20% (80.3rd percentile)
Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ruby-rails-html-sanitizer | < ruby-rails-html-sanitizer 1.0.3-1 (bookworm) | ruby-rails-html-sanitizer 1.0.3-1 (bookworm) |
| rails | rails-html-sanitizer | >= 0 < 1.0.3 | 1.0.3 |
| rubyonrails | html_sanitizer | <= 1.0.2 | — |
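An added check, not from the page or from any of the sources it aggregates: it reads a Gemfile.lock and flags a resolved rails-html-sanitizer below 1.0.3, the fixed version in the table above. Only the Ruby standard library is needed (Gem::Version ships with Ruby). The lockfile text is constructed, and the function and constant names are mine.

```ruby
# Added example: does a Gemfile.lock pin a rails-html-sanitizer release in the
# affected range of CVE-2015-7580 (< 1.0.3)? Not code from the page or the gem.
require "rubygems"   # provides Gem::Version for proper version comparison

FIXED_VERSION = Gem::Version.new("1.0.3")   # first fixed release per the advisory

# Return the resolved version of gem_name from Gemfile.lock text, or nil if absent.
# Resolved specs sit under GEM/specs indented by exactly four spaces, e.g.
#     rails-html-sanitizer (1.0.2)
# while their dependency lines are indented six spaces and may carry constraints.
def locked_version(lockfile_text, gem_name)
  lockfile_text.each_line do |line|
    m = line.match(/\A[ ]{4}#{Regexp.escape(gem_name)} \(([^)\s]+)\)\s*\z/)
    return Gem::Version.new(m[1]) if m
  end
  nil
end

# True when the locked rails-html-sanitizer is older than 1.0.3.
# Gem::Version, not string comparison, so "1.0.10" sorts above "1.0.3".
def vulnerable_to_cve_2015_7580?(lockfile_text)
  v = locked_version(lockfile_text, "rails-html-sanitizer")
  return false if v.nil?   # gem not resolved at all: this CVE does not apply
  v < FIXED_VERSION
end

# Constructed lockfile fragment for the example (not from a real application).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      loofah (2.0.3)
        nokogiri (>= 1.5.9)
      nokogiri (1.6.7.2)
      rails-html-sanitizer (1.0.2)
        loofah (~> 2.0)
      rails-dom-testing (1.0.7)

  PLATFORMS
    ruby

  DEPENDENCIES
    rails-html-sanitizer
LOCK

if __FILE__ == $0
  puts vulnerable_to_cve_2015_7580?(SAMPLE_LOCKFILE) ? "VULNERABLE: upgrade to >= 1.0.3" : "ok"
end
```

Run it against a real lockfile with `vulnerable_to_cve_2015_7580?(File.read("Gemfile.lock"))`; the dependency-line indentation rule is what keeps a `rails-html-sanitizer (~> 1.0)` constraint under some other gem from being mistaken for the resolved version.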
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | | 6.1 | MEDIUM | |
| vendor_debian | | 6.1 | MEDIUM | |
OSV
rails-html-sanitizer Cross-site Scripting vulnerability
osv · 2017-10-24 · MEDIUM
GHSA
rails-html-sanitizer Cross-site Scripting vulnerability
ghsa · 2017-10-24 · MEDIUM · CWE-79
OSV
CVE-2015-7580: Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers
osv · 2016-02-16 · CVSS 6.1 · MEDIUM
Debian
CVE-2015-7580: ruby-rails-html-sanitizer - Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the r...
vendor_debian · 2015 · CVSS 6.1 · MEDIUM
Scope: local
bookworm: resolved (fixed in 1.0.3-1)
bullseye: resolved (fixed in 1.0.3-1)
forky: resolved (fixed in 1.0.3-1)
sid: resolved (fixed in 1.0.3-1)
trixie: resolved (fixed in 1.0.3-1)
No detection rules found.
No public exploits indexed.
HackerOne
Potential XSS on sanitize/Rails::Html::WhiteListSanitizer
hackerone · 2016-03-13 · CVSS 6.1 · MEDIUM
Possible XSS vulnerability in rails-html-sanitizer
There is a possible XSS vulnerability in the white list sanitizer in the rails-html-sanitizer gem. This vulnerability has been assigned the CVE identifier CVE-2015-7580.
Versions Affected: All.
Not affected: None.
Fixed Versions: v1.0.3
Impact
Carefully crafted strings can cause user input to bypass the sanitization in the white list sanitizer, which can lead to an XSS attack.
Vulnerable code will look something like this:
All users running an affected release should either upgrade or use one of the
workarounds immediately.
Releases
The FIXED releases are available at the normal locations.
Workarounds
Putting the following monkey patch in an initializer can help to mit
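The workaround above is cut off on this page. The upstream 1.0.3 fix replaces a CDATA node with a plain text node before the allow-list check runs, so that its content is entity-escaped on output instead of being written through. The following is an added example, not code from the page, the advisory or the rails-html-sanitizer project: it re-implements that scrub step over a small stand-in node model (the MiniDom classes, PermitScrubber, ALLOWED_TAGS and build_sample are mine) so it runs without Nokogiri. Two points are modelled as assumptions rather than taken from the page: the serializer writes CDATA content out verbatim while it escapes text nodes, and the pre-1.0.3 scrubber passed over CDATA nodes the way it passes over text nodes. The page does not give the crafted input that yields a CDATA node, so the tree is built directly with a generic script string as the CDATA payload.

```ruby
# Added example (not from the page or the gem): the CDATA-to-text step of the
# 1.0.3 fix, run over a stand-in node model so that no Nokogiri install is needed.
require "cgi"

module MiniDom   # model of the slice of the Nokogiri node API the scrubber touches
  class Node
    attr_reader :document, :parent, :children
    def initialize(document); @document, @children, @parent = document, [], nil; end
    def cdata?;   false; end
    def text?;    false; end
    def element?; false; end
    def add_child(child); child.instance_variable_set(:@parent, self); @children << child; child; end
    def index_in_parent; parent.children.index { |c| c.equal?(self) }; end
    def before(nodes)   # insert nodes ahead of self (used when a tag is stripped)
      idx = index_in_parent
      nodes.each_with_index do |n, i|
        n.instance_variable_set(:@parent, parent)
        parent.children.insert(idx + i, n)
      end
    end
    def remove; parent.children.delete_if { |c| c.equal?(self) }; end
    def replace(other)
      other.instance_variable_set(:@parent, parent)
      parent.children[index_in_parent] = other
    end
  end

  class Document < Node
    def initialize; super(self); end
    def create_text_node(text); Text.new(self, text); end
    def to_html; children.map(&:to_html).join; end
  end

  class Text < Node
    attr_reader :text
    def initialize(document, text); super(document); @text = text; end
    def text?; true; end
    def to_html; CGI.escapeHTML(text); end   # text nodes are entity-escaped on output
  end

  class CData < Text
    def text?;  false; end   # as in Nokogiri: a Text subclass, but text? is false
    def cdata?; true;  end
    def to_html; text; end   # model assumption: CDATA content is written out verbatim
  end

  class Element < Node
    attr_reader :name
    def initialize(document, name); super(document); @name = name; end
    def element?; true; end
    def to_html; "<#{name}>#{children.map(&:to_html).join}</#{name}>"; end
  end
end

CONTINUE = :continue
STOP     = :stop
ALLOWED_TAGS = %w[p b i em strong].freeze   # constructed allow-list for the example

class PermitScrubber
  # cdata_fix: false models the pre-1.0.3 scrub step, true the 1.0.3 fix.
  def initialize(cdata_fix:)
    @cdata_fix = cdata_fix
  end

  def scrub(node)
    if @cdata_fix && node.cdata?   # the 1.0.3 addition: CDATA becomes an escapable text node
      node.replace(node.document.create_text_node(node.text))
      return CONTINUE
    end
    return CONTINUE if skip_node?(node)
    unless keep_node?(node)
      node.before(node.children)   # strip the tag but keep its children
      node.remove
      return STOP
    end
    CONTINUE
  end

  def sanitize(document)
    scrub_children(document)
    document.to_html
  end

  private

  # Modelled pre-fix behaviour: CDATA nodes are passed over just like text nodes.
  def skip_node?(node); node.text? || node.cdata?; end
  def keep_node?(node); node.element? && ALLOWED_TAGS.include?(node.name); end

  # Top-down traversal; returns true if node is still in the tree afterwards.
  def traverse(node)
    return false if scrub(node) == STOP
    scrub_children(node)
    true
  end

  def scrub_children(node)
    i = 0
    while i < node.children.length
      i += 1 if traverse(node.children[i])   # a stripped node leaves its children at index i
    end
  end
end

# Constructed tree: <p>hi <![CDATA[<script>alert(1)</script>]]></p><div>x</div>
def build_sample
  doc = MiniDom::Document.new
  para = doc.add_child(MiniDom::Element.new(doc, "p"))
  para.add_child(MiniDom::Text.new(doc, "hi "))
  para.add_child(MiniDom::CData.new(doc, "<script>alert(1)</script>"))
  div = doc.add_child(MiniDom::Element.new(doc, "div"))
  div.add_child(MiniDom::Text.new(doc, "x"))
  doc
end

if __FILE__ == $0
  puts PermitScrubber.new(cdata_fix: false).sanitize(build_sample)   # script survives intact
  puts PermitScrubber.new(cdata_fix: true).sanitize(build_sample)    # script is escaped
end
```

The disallowed div is stripped in both runs, which shows the allow-list itself was never the problem: the element check only ever sees elements, so a node of another type that the serializer emits raw needs its own handling, and converting it to text is what makes the existing escaping apply to it.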
Bugzilla
CVE-2015-7580 rubygem-rails-html-sanitizer: Possible XSS vulnerability in the white list sanitizer
bugzilla · 2016-01-26 · CVSS 6.1 · MEDIUM
An XSS vulnerability in the white list sanitizer in the rails-html-sanitizer gem was reported. Carefully crafted strings can cause user input to bypass the sanitization in the white list sanitizer, which can lead to an XSS attack.
External References:
https://groups.google.com/forum/#!msg/rubyonrails-security/uh--W4TDwmI/m_CVZtdbFQAJ
https://groups.google.com/forum/message/raw?msg=rubyonrails-security/uh--W4TDwmI/m_CVZtdbFQAJ
http://weblog.rubyonrails.org/2016/1/25/Rails-5-0-0-beta1-1-4-2-5-1-4-1-14-1-3-2-22-1-and-rails-html-sanitizer-1-0-3-have-been-released/
https://github.com/rails/rails-html-sanitizer/commit/63903b0eaa6d2a4e1c91bc86008256c4c8335e78
http://www.openwall.com/lists/oss-security/2016/01/25/15
http://www.securitytracker.com/id/1034816
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00024.html
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html