CVE-2013-1857 in Mac OS X Serverthông tin

Tóm tắt

Bởi MITRE

The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a : sequence.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Đặt trước

19/02/2013

Tiết lộ

19/03/2013

Kiểm duyệt

được chấp nhận

mục

2

Liên hệ

hiển thị

EPSS

0.01868

KEV

không

Các hoạt động

rất thấp

Nguồn

Do you want to use VulDB in your project?

Use the official API to access entries easily!