CVE-2015-7578

Published Feb 16, 2016

Last updated 5 years ago

CVSS medium 6.1

Overview

Description: Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:rubyonrails:html_sanitizer:*:*:*:*:*:ruby:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4CBB3D93-016A-43CA-9325-3F5D58DD4FD4",
            "versionEndIncluding": "1.0.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9A68D41F-36A9-4B77-814D-996F4E48FA79"
          },
          {
            "criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "709A19A5-8FD1-4F9C-A38C-F06242A94D68"
          },
          {
            "criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8104482C-E8F5-40A7-8B27-234FEF725FD0"
          },
          {
            "criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2CFF8677-EA00-4F7E-BFF9-272482206DB5"
          },
          {
            "criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8D7DF5CD-DA28-492D-B5EE-D252ECCC8D96"
          },
          {
            "criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "85435026-9855-4BF4-A436-832628B005FD"
          },
          {
            "criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "56C2308F-A590-47B0-9791-7865D189196F"
          },
          {
            "criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9A266882-DABA-4A4C-88E6-60E993EE0947"
          },
          {
            "criteria": "cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "83F1142C-3BFB-4B72-A033-81E20DB19D02"
          },
          {
            "criteria": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc1:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1FA738A1-227B-4665-B65E-666883FFAE96"
          },
          {
            "criteria": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc2:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6F00718C-A9E8-4E85-8DA6-33BF11F2DCCE"
          },
          {
            "criteria": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc3:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "10789A2D-6401-4119-BFBE-2EE4C16216D3"
          },
          {
            "criteria": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc4:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "70ABD462-7142-4831-8EB6-801EC1D05573"
          },
          {
            "criteria": "cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "81D717DB-7C80-48AA-A774-E291D2E75D6E"
          },
          {
            "criteria": "cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "06B357FB-0307-4EFA-9C5B-3C2CDEA48584"
          },
          {
            "criteria": "cpe:2.3:a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E4BD8840-0F1C-49D3-B843-9CFE64948018"
          },
          {
            "criteria": "cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "79D5B492-43F9-470F-BD21-6EFD93E78453"
          },
          {
            "criteria": "cpe:2.3:a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4EC1F602-D48C-458A-A063-4050BE3BB25F"
          },
          {
            "criteria": "cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F6A1C015-56AD-489C-B301-68CF1DBF1BEF"
          },
          {
            "criteria": "cpe:2.3:a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FD191625-ACE2-46B6-9AAD-12D682C732C2"
          },
          {
            "criteria": "cpe:2.3:a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "02C7DB56-267B-4057-A9BA-36D1E58C6282"
          },
          {
            "criteria": "cpe:2.3:a:rubyonrails:rails:4.2.5.1:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EC163D49-691B-4125-A983-6CF6F6D86DEE"
          },
          {
            "criteria": "cpe:2.3:a:rubyonrails:rails:4.2.5.2:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "68B537D1-1584-4D15-9C75-08ED4D45DC3A"
          },
          {
            "criteria": "cpe:2.3:a:rubyonrails:rails:4.2.6:rc1:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1E3B4233-E117-4E77-A60D-3DFD5073154D"
          },
          {
            "criteria": "cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AF8F94CF-D504-4165-A69E-3F1198CB162A"
          },
          {
            "criteria": "cpe:2.3:a:rubyonrails:rails:5.0.0:beta1.1:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C8C25977-AB6C-45E1-8956-871EB31B36BA"
          },
          {
            "criteria": "cpe:2.3:a:rubyonrails:rails:5.0.0:beta2:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5F0AB6B0-3506-4332-A183-309FAC4882CE"
          },
          {
            "criteria": "cpe:2.3:a:rubyonrails:rails:5.0.0:beta3:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6D7B4EBC-B634-4AD7-9F7A-54D14821D5AE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References