The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a : sequence.
No CVSS v3.1
No CVSS v3.0
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None
AV:N/AC:M/Au:N/C:N/I:P/A:N
Vendors | Products |
---|---|
Redhat |
|
Rubyonrails |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
Configuration 5 [-]
|
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2013-03-19T22:00:00
Updated: 2014-12-09T18:57:01
Reserved: 2013-02-19T00:00:00
Link: CVE-2013-1857
JSON object: View
NVD Information
Status : Analyzed
Published: 2013-03-19T22:55:01.087
Modified: 2019-08-08T15:42:45.623
Link: CVE-2013-1857
JSON object: View
Redhat Information
No data.
CWE