Security Advisory

CVE-2015-7580

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2016-02-16 02:00:00

Last updated 2024-08-06 07:51:28

Assigner redhat

State PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node.

← Browse all CVEs View on cve.org ↗