CVE-2013-1857 in Mac OS X Serverinfo

Summary

The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a : sequence.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

02/19/2013

Disclosure

03/19/2013

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
10953	Apple Mac OS X Server Profile Manager cross site scripting	79	Not defined	Official fix	CVE-2013-1857
8033	Ruby on Rails Sanitize Helper sanitizer.rb cross site scripting	79	Not defined	Official fix	CVE-2013-1857

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!