CVE-2013-1855

EPSS 0.54%
Published 19.03.2013 22:55:01
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.

Affected products Warnungen 0 Metrics 2 CWE 1 References 13

Data is provided by the National Vulnerability Database (NVD)

Rubyonrails ≫ Rails Version3.2.0

Rubyonrails ≫ Rails Version3.2.0 Updaterc1

Rubyonrails ≫ Rails Version3.2.0 Updaterc2

Rubyonrails ≫ Rails Version3.2.1

Rubyonrails ≫ Rails Version3.2.2

Rubyonrails ≫ Rails Version3.2.2 Updaterc1

Rubyonrails ≫ Rails Version3.2.3

Rubyonrails ≫ Rails Version3.2.3 Updaterc1

Rubyonrails ≫ Rails Version3.2.3 Updaterc2

Rubyonrails ≫ Rails Version3.2.4

Rubyonrails ≫ Rails Version3.2.4 Updaterc1

Rubyonrails ≫ Rails Version3.2.5

Rubyonrails ≫ Rails Version3.2.6

Rubyonrails ≫ Rails Version3.2.7

Rubyonrails ≫ Rails Version3.2.8

Rubyonrails ≫ Rails Version3.2.9

Rubyonrails ≫ Rails Version3.2.10

Rubyonrails ≫ Rails Version3.2.11

Rubyonrails ≫ Rails Version3.2.12

Rubyonrails ≫ Rails Version0.9.1

Rubyonrails ≫ Rails Version0.9.2

Rubyonrails ≫ Rails Version0.9.3

Rubyonrails ≫ Rails Version0.9.4

Rubyonrails ≫ Rails Version0.9.4.1

Rubyonrails ≫ Rails Version0.10.0

Rubyonrails ≫ Rails Version0.10.1

Rubyonrails ≫ Rails Version0.11.0

Rubyonrails ≫ Rails Version0.11.1

Rubyonrails ≫ Rails Version0.12.0

Rubyonrails ≫ Rails Version0.12.1

Rubyonrails ≫ Rails Version0.13.0

Rubyonrails ≫ Rails Version0.13.1

Rubyonrails ≫ Rails Version0.14.1

Rubyonrails ≫ Rails Version0.14.2

Rubyonrails ≫ Rails Version0.14.3

Rubyonrails ≫ Rails Version0.14.4

Rubyonrails ≫ Rails Version1.0.0

Rubyonrails ≫ Rails Version1.1.0

Rubyonrails ≫ Rails Version1.1.1

Rubyonrails ≫ Rails Version1.1.2

Rubyonrails ≫ Rails Version1.1.3

Rubyonrails ≫ Rails Version1.1.4

Rubyonrails ≫ Rails Version1.1.5

Rubyonrails ≫ Rails Version1.1.6

Rubyonrails ≫ Rails Version1.2.0

Rubyonrails ≫ Rails Version1.2.1

Rubyonrails ≫ Rails Version1.2.2

Rubyonrails ≫ Rails Version1.2.3

Rubyonrails ≫ Rails Version1.2.4

Rubyonrails ≫ Rails Version1.2.5

Rubyonrails ≫ Rails Version1.2.6

Rubyonrails ≫ Rails Version1.9.5

Rubyonrails ≫ Rails Version2.0.0

Rubyonrails ≫ Rails Version2.0.0 Updaterc1

Rubyonrails ≫ Rails Version2.0.0 Updaterc2

Rubyonrails ≫ Rails Version2.0.1

Rubyonrails ≫ Rails Version2.0.2

Rubyonrails ≫ Rails Version2.0.4

Rubyonrails ≫ Rails Version2.1.0

Rubyonrails ≫ Rails Version2.1.1

Rubyonrails ≫ Rails Version2.1.2

Rubyonrails ≫ Rails Version2.2.0

Rubyonrails ≫ Rails Version2.2.1

Rubyonrails ≫ Rails Version2.2.2

Rubyonrails ≫ Rails Version2.3.0

Rubyonrails ≫ Rails Version2.3.1

Rubyonrails ≫ Rails Version2.3.2

Rubyonrails ≫ Rails Version2.3.3

Rubyonrails ≫ Rails Version2.3.4

Rubyonrails ≫ Rails Version2.3.9

Rubyonrails ≫ Rails Version2.3.10

Rubyonrails ≫ Rails Version2.3.11

Rubyonrails ≫ Rails Version2.3.12

Rubyonrails ≫ Rails Version2.3.13

Rubyonrails ≫ Rails Version2.3.14

Rubyonrails ≫ Rails Version2.3.15

Rubyonrails ≫ Rails Version2.3.16

Rubyonrails ≫ Ruby On Rails Version <= 2.3.17

Rubyonrails ≫ Ruby On Rails Version0.5.0

Rubyonrails ≫ Ruby On Rails Version0.5.5

Rubyonrails ≫ Ruby On Rails Version0.5.6

Rubyonrails ≫ Ruby On Rails Version0.5.7

Rubyonrails ≫ Ruby On Rails Version0.6.0

Rubyonrails ≫ Ruby On Rails Version0.6.5

Rubyonrails ≫ Ruby On Rails Version0.7.0

Rubyonrails ≫ Ruby On Rails Version0.8.0

Rubyonrails ≫ Ruby On Rails Version0.8.5

Rubyonrails ≫ Ruby On Rails Version0.9.0

Rubyonrails ≫ Rails Version3.0.0

Rubyonrails ≫ Rails Version3.0.0 Updatebeta

Rubyonrails ≫ Rails Version3.0.0 Updatebeta2

Rubyonrails ≫ Rails Version3.0.0 Updatebeta3

Rubyonrails ≫ Rails Version3.0.0 Updatebeta4

Rubyonrails ≫ Rails Version3.0.0 Updaterc

Rubyonrails ≫ Rails Version3.0.0 Updaterc2

Rubyonrails ≫ Rails Version3.0.1

Rubyonrails ≫ Rails Version3.0.1 Updatepre

Rubyonrails ≫ Rails Version3.0.2

Rubyonrails ≫ Rails Version3.0.2 Updatepre

Rubyonrails ≫ Rails Version3.0.3

Rubyonrails ≫ Rails Version3.0.4 Updaterc1

Rubyonrails ≫ Rails Version3.0.5

Rubyonrails ≫ Rails Version3.0.5 Updaterc1

Rubyonrails ≫ Rails Version3.0.6

Rubyonrails ≫ Rails Version3.0.6 Updaterc1

Rubyonrails ≫ Rails Version3.0.6 Updaterc2

Rubyonrails ≫ Rails Version3.0.7

Rubyonrails ≫ Rails Version3.0.7 Updaterc1

Rubyonrails ≫ Rails Version3.0.7 Updaterc2

Rubyonrails ≫ Rails Version3.0.8

Rubyonrails ≫ Rails Version3.0.8 Updaterc1

Rubyonrails ≫ Rails Version3.0.8 Updaterc2

Rubyonrails ≫ Rails Version3.0.8 Updaterc3

Rubyonrails ≫ Rails Version3.0.8 Updaterc4

Rubyonrails ≫ Rails Version3.0.9

Rubyonrails ≫ Rails Version3.0.9 Updaterc1

Rubyonrails ≫ Rails Version3.0.9 Updaterc2

Rubyonrails ≫ Rails Version3.0.9 Updaterc3

Rubyonrails ≫ Rails Version3.0.9 Updaterc4

Rubyonrails ≫ Rails Version3.0.9 Updaterc5

Rubyonrails ≫ Rails Version3.0.10

Rubyonrails ≫ Rails Version3.0.10 Updaterc1

Rubyonrails ≫ Rails Version3.0.11

Rubyonrails ≫ Rails Version3.0.12

Rubyonrails ≫ Rails Version3.0.12 Updaterc1

Rubyonrails ≫ Rails Version3.0.13

Rubyonrails ≫ Rails Version3.0.13 Updaterc1

Rubyonrails ≫ Rails Version3.0.14

Rubyonrails ≫ Rails Version3.0.16

Rubyonrails ≫ Rails Version3.0.17

Rubyonrails ≫ Rails Version3.0.18

Rubyonrails ≫ Rails Version3.0.19

Rubyonrails ≫ Rails Version3.0.20

Rubyonrails ≫ Ruby On Rails Version3.0.4

Rubyonrails ≫ Rails Version3.1.0

Rubyonrails ≫ Rails Version3.1.0 Updatebeta1

Rubyonrails ≫ Rails Version3.1.0 Updaterc1

Rubyonrails ≫ Rails Version3.1.0 Updaterc2

Rubyonrails ≫ Rails Version3.1.0 Updaterc3

Rubyonrails ≫ Rails Version3.1.0 Updaterc4

Rubyonrails ≫ Rails Version3.1.0 Updaterc5

Rubyonrails ≫ Rails Version3.1.0 Updaterc6

Rubyonrails ≫ Rails Version3.1.0 Updaterc7

Rubyonrails ≫ Rails Version3.1.0 Updaterc8

Rubyonrails ≫ Rails Version3.1.1

Rubyonrails ≫ Rails Version3.1.1 Updaterc1

Rubyonrails ≫ Rails Version3.1.1 Updaterc2

Rubyonrails ≫ Rails Version3.1.1 Updaterc3

Rubyonrails ≫ Rails Version3.1.2

Rubyonrails ≫ Rails Version3.1.2 Updaterc1

Rubyonrails ≫ Rails Version3.1.2 Updaterc2

Rubyonrails ≫ Rails Version3.1.3

Rubyonrails ≫ Rails Version3.1.4

Rubyonrails ≫ Rails Version3.1.4 Updaterc1

Rubyonrails ≫ Rails Version3.1.5

Rubyonrails ≫ Rails Version3.1.5 Updaterc1

Rubyonrails ≫ Rails Version3.1.6

Rubyonrails ≫ Rails Version3.1.7

Rubyonrails ≫ Rails Version3.1.8

Rubyonrails ≫ Rails Version3.1.9

Rubyonrails ≫ Rails Version3.1.10

Rubyonrails ≫ Ruby On Rails Version3.1.11

Redhat ≫ Enterprise Linux Version6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.54%	0.647

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

http://support.apple.com/kb/HT5784

http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

http://rhn.redhat.com/errata/RHSA-2014-1863.html

http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/

http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html

http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html

http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html

http://rhn.redhat.com/errata/RHSA-2013-0698.html

https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain

https://nvd.nist.gov/vuln/detail/CVE-2013-1855

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-1855

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-1855

EUVD