VDB
DEBIAN-CVE-2013-1855
DEBIAN-CVE-2013-1855
PUBLISHED
CVSS 9.300000190734863 CRITICAL
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.
Risk Scores
CVSS v4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | rails | 0, 0, 0 |
| Debian:13 | rails | 0, 0, 0 |
| Debian:14 | rails | 0, 0, 0 |
| Debian:12 | rails | 0, 0, 0 |
Timeline
- Mar 19, 2013 CVE Published
- Apr 28, 2026 CVE Updated