CVE-2013-1855 in Ruby on Rails and Red Hat Products
Published on March 19, 2013

The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2013-1855

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2013-1855 are published in these products:

Ruby on Rails Rails

Ruby on Rails

Red Hat Enterprise Linux (RHEL)

Exploit Probability

EPSS

0.54%

Percentile

67.08%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2013-1855 in Ruby on Rails and Red Hat ProductsPublished on March 19, 2013

Products Associated with CVE-2013-1855

Exploit Probability

CVE-2013-1855 in Ruby on Rails and Red Hat Products
Published on March 19, 2013