Medium severity 6.1 · NVD Advisory · Published Feb 16, 2016 · Updated Jun 17, 2026
CVE-2015-7578
Description
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| rails-html-sanitizer (RubyGems) | < 1.0.3 | 1.0.3 |
Affected products (6)
- ghsa-coords (5 versions), range: < 1.0.3 (+ 4 more)
  - pkg:gem/rails-html-sanitizer
  - pkg:rpm/opensuse/ruby3.2-rubygem-rails-html-sanitizer&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/rubygem-rails-html-sanitizer&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/portus&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012
  - pkg:rpm/suse/rubygem-rails-html-sanitizer&distro=SUSE%20Enterprise%20Storage%202.1
- (no CPE) range: < 1.0.3
- (no CPE) range: < 1.5.0-2.1
- (no CPE) range: < 1.4.3-1.1
- (no CPE) range: < 2.0.3-2.4
- (no CPE) range: < 1.0.2-7.1
References (12)
- github.com/advisories/GHSA-59c7-4xj2-hgvw (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2015-7578 (ghsa, ADVISORY)
- lists.fedoraproject.org/pipermail/package-announce/2016-February/178046.html (nvd, WEB)
- lists.fedoraproject.org/pipermail/package-announce/2016-February/178064.html (nvd, WEB)
- lists.opensuse.org/opensuse-security-announce/2016-02/msg00014.html (nvd, WEB)
- lists.opensuse.org/opensuse-security-announce/2016-02/msg00024.html (nvd, WEB)
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html (nvd, WEB)
- www.openwall.com/lists/oss-security/2016/01/25/11 (nvd, WEB)
- github.com/rails/rails-html-sanitizer/commit/297161e29a3e11186ce4c02bf7defc088bf544d4 (nvd, WEB)
- groups.google.com/forum/message/raw (nvd, WEB)
- web.archive.org/web/20160128075017/http://www.securitytracker.com/id/1034816 (ghsa, WEB)
- www.securitytracker.com/id/1034816 (nvd)