CVE-2013-1857

DEB

Medium

The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3…

CVSS

4.3

Medium

EPSS

0.02

p76

Published

2013-01-01

Updated

2013-01-01

Description

The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a : sequence.

Tags · CWE

XSS

CWE-79

CAPEC-63

CAPEC-85

CAPEC-209

CAPEC-588

CAPEC-591

CAPEC-592

Affected products

KatelloRailsRailsRailsRailsRailsRailsRailsRailsRailsRailsRailsRailsRuby-actionpack-2.3Ruby-actionpack-3.2Ruby-actionpack-3.2Ruby-activerecord-3.2Ruby-activesupport-3.2Ruby-rails-3.2Ruby193-rubygem-actionmailer

CVSS vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Timeline

2013-01-01

Published

2013-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: M

Medium

Authentication

Au: N

None (N)

Confidentiality Impact

C: N

None (N)

Integrity Impact

I: P

Partial

Availability Impact

A: N

None (N)

Exploit indicators

EPSS

0.019 · p76

Known exploited (KEV)

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Product	Vendor	Status
katello		Tracked
rails		Tracked
rails		Tracked
rails		Tracked
rails		Tracked
rails		Tracked
rails		Tracked
rails		Tracked
rails		Tracked
rails		Tracked
rails		Tracked
rails		Tracked
rails		Tracked
ruby-actionpack-2.3		Tracked
ruby-actionpack-3.2		Tracked
ruby-actionpack-3.2		Tracked
ruby-activerecord-3.2		Tracked
ruby-activesupport-3.2		Tracked
ruby-rails-3.2		Tracked
ruby193-rubygem-actionmailer		Tracked

Showing first 20 of 40

Source databases

DEB

CVE

RED

UBU