VYPR
Get started
← All advisories
Medium severity6.1NVD Advisory· Published Feb 16, 2016· Updated May 6, 2026

CVE-2015-7580

CVE-2015-7580

Description

Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
rails-html-sanitizerRubyGems
< 1.0.31.0.3

Affected products

1

Patches

1
63903b0eaa6d
https://github.com/rails/rails-html-sanitizervia ghsa
commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

10

News mentions

0

No linked articles in our index yet.