CVE-2015-7580

{"id": "CVE-2015-7580", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2016-02-16T02:59:03.970", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00014.html", "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00024.html", "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2016/01/25/15", "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id/1034816", "source": "secalert@redhat.com"}, {"url": "https://github.com/rails/rails-html-sanitizer/commit/63903b0eaa6d2a4e1c91bc86008256c4c8335e78", "source": "secalert@redhat.com"}, {"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/uh--W4TDwmI/m_CVZtdbFQAJ", "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00014.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00024.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2016/01/25/15", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1034816", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/rails/rails-html-sanitizer/commit/63903b0eaa6d2a4e1c91bc86008256c4c8335e78", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/uh--W4TDwmI/m_CVZtdbFQAJ", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node."}, {"lang": "es", "value": "Vulnerabilidad de XSS en lib/rails/html/scrubbers.rb en la gema rails-html-sanitizer en versiones anteriores a 1.0.3 para Ruby on Rails 4.2.x y 5.x permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un nodo CDATA manipulado."}], "lastModified": "2024-11-21T02:37:01.367", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rubyonrails:html_sanitizer:*:*:*:*:*:ruby:*:*", "vulnerable": true, "matchCriteriaId": "4CBB3D93-016A-43CA-9325-3F5D58DD4FD4", "versionEndIncluding": "1.0.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9A68D41F-36A9-4B77-814D-996F4E48FA79"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "709A19A5-8FD1-4F9C-A38C-F06242A94D68"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8104482C-E8F5-40A7-8B27-234FEF725FD0"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CFF8677-EA00-4F7E-BFF9-272482206DB5"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8D7DF5CD-DA28-492D-B5EE-D252ECCC8D96"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "85435026-9855-4BF4-A436-832628B005FD"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "56C2308F-A590-47B0-9791-7865D189196F"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9A266882-DABA-4A4C-88E6-60E993EE0947"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "83F1142C-3BFB-4B72-A033-81E20DB19D02"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc1:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1FA738A1-227B-4665-B65E-666883FFAE96"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc2:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6F00718C-A9E8-4E85-8DA6-33BF11F2DCCE"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc3:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "10789A2D-6401-4119-BFBE-2EE4C16216D3"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc4:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "70ABD462-7142-4831-8EB6-801EC1D05573"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "81D717DB-7C80-48AA-A774-E291D2E75D6E"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "06B357FB-0307-4EFA-9C5B-3C2CDEA48584"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E4BD8840-0F1C-49D3-B843-9CFE64948018"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "79D5B492-43F9-470F-BD21-6EFD93E78453"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4EC1F602-D48C-458A-A063-4050BE3BB25F"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F6A1C015-56AD-489C-B301-68CF1DBF1BEF"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FD191625-ACE2-46B6-9AAD-12D682C732C2"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "02C7DB56-267B-4057-A9BA-36D1E58C6282"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.5.1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EC163D49-691B-4125-A983-6CF6F6D86DEE"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.5.2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "68B537D1-1584-4D15-9C75-08ED4D45DC3A"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.6:rc1:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1E3B4233-E117-4E77-A60D-3DFD5073154D"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AF8F94CF-D504-4165-A69E-3F1198CB162A"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:5.0.0:beta1.1:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C8C25977-AB6C-45E1-8956-871EB31B36BA"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:5.0.0:beta2:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5F0AB6B0-3506-4332-A183-309FAC4882CE"}, {"criteria": "cpe:2.3:a:rubyonrails:rails:5.0.0:beta3:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6D7B4EBC-B634-4AD7-9F7A-54D14821D5AE"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secalert@redhat.com"}