
CVE ID: CVE-2013-1855
Description: The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.
Test IDs: Not available
Cross-references: Common Vulnerability Exposure (CVE) ID: CVE-2013-1855
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain
RedHat Security Advisories: RHSA-2013:0698
http://rhn.redhat.com/errata/RHSA-2013-0698.html
RedHat Security Advisories: RHSA-2014:1863
http://rhn.redhat.com/errata/RHSA-2014-1863.html
SuSE Security Announcement: openSUSE-SU-2013:0661
http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html
SuSE Security Announcement: openSUSE-SU-2013:0662
http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html
SuSE Security Announcement: openSUSE-SU-2014:0019
http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html



