CVE-2013-1855

by Fred · 19/03/2013

The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.

Date published : 2013-03-19

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

CVE-2013-1855

Similar

Recent Posts

Categories

CVE-2013-1855

Share this:

Similar

Recent Posts

Categories

Tags