Medium severity (6.1) · NVD Advisory · Published Feb 16, 2016 · Updated Jun 17, 2026
CVE-2015-7580
Description
Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| rails-html-sanitizer (RubyGems) | < 1.0.3 | 1.0.3 |
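The affected range above is what a project's lockfile has to be checked against. The following is an added example, not code from the rails-html-sanitizer project or from this advisory: it pulls the resolved `rails-html-sanitizer` version out of a `Gemfile.lock` and compares it with RubyGems' `Gem::Version` against the patched version 1.0.3. The helper names, the `SPEC_LINE` pattern and the sample lockfile are the example's own; the lockfile content is constructed for illustration.

```ruby
require "rubygems"

# Added example for CVE-2015-7580: decide whether a project's pinned
# rails-html-sanitizer falls in the affected range (< 1.0.3).
# Only Ruby's bundled RubyGems version comparison is used, so the gem
# itself does not need to be installed for the check to run.

PATCHED  = Gem::Version.new("1.0.3")
GEM_NAME = "rails-html-sanitizer"

# A resolved spec line in Gemfile.lock reads "    rails-html-sanitizer (1.0.2)".
# Dependency lines carry constraints such as "(~> 1.0, >= 1.0.2)" and are
# deliberately not matched: only the resolved version is meaningful.
SPEC_LINE = /^\s*#{Regexp.escape(GEM_NAME)} \((\d+(?:\.\d+)*)\)\s*$/

# True when the given version string is older than the patched release.
def vulnerable_version?(version)
  Gem::Version.new(version) < PATCHED
end

# Resolved version of rails-html-sanitizer from lockfile text, or nil if absent.
def locked_version(lockfile_text)
  lockfile_text.each_line do |line|
    m = SPEC_LINE.match(line)
    return m[1] if m
  end
  nil
end

# Returns :vulnerable, :patched or :absent for a lockfile's text.
def assess_lockfile(lockfile_text)
  version = locked_version(lockfile_text)
  return :absent unless version
  vulnerable_version?(version) ? :vulnerable : :patched
end

# Constructed sample lockfile (hypothetical project, not taken from any real app).
# It includes a dependency line with a constraint to show it is skipped.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionview (4.2.5)
        rails-html-sanitizer (~> 1.0, >= 1.0.2)
      loofah (2.0.3)
      rails-html-sanitizer (1.0.2)
        loofah (~> 2.0)
LOCK

if __FILE__ == $0
  puts "#{GEM_NAME} #{locked_version(SAMPLE_LOCK)}: #{assess_lockfile(SAMPLE_LOCK)}"
end
```

To check a real project, pass `File.read("Gemfile.lock")` to `assess_lockfile`. The comparison applies to the RubyGems package only; the SUSE and openSUSE packages listed below carry distro release numbering, so their ranges have to be read against the distribution's own package versions.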
Affected products
Five entries from the GHSA coordinates, none with a CPE assigned:
- pkg:gem/rails-html-sanitizer
- pkg:rpm/opensuse/ruby3.2-rubygem-rails-html-sanitizer (distro: openSUSE Tumbleweed)
- pkg:rpm/opensuse/rubygem-rails-html-sanitizer (distro: openSUSE Tumbleweed)
- pkg:rpm/suse/portus (distro: SUSE Linux Enterprise Module for Containers 12)
- pkg:rpm/suse/rubygem-rails-html-sanitizer (distro: SUSE Enterprise Storage 2.1)
Version ranges listed for these entries (one per entry; the pairing of range to package is not given): < 1.0.3, < 1.5.0-2.1, < 1.4.3-1.1, < 2.0.3-2.4, < 1.0.2-7.1.
References
- https://github.com/advisories/GHSA-ghqm-pgxj-37gq (GHSA advisory)
- https://nvd.nist.gov/vuln/detail/CVE-2015-7580 (NVD advisory)
- https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00014.html (openSUSE security announcement)
- https://lists.opensuse.org/opensuse-security-announce/2016-02/msg00024.html (openSUSE security announcement)
- https://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html (openSUSE security announcement)
- https://www.openwall.com/lists/oss-security/2016/01/25/15 (oss-security announcement)
- https://github.com/rails/rails-html-sanitizer/commit/63903b0eaa6d2a4e1c91bc86008256c4c8335e78 (fix commit)
- groups.google.com/forum/message/raw (Google Groups announcement)
- https://web.archive.org/web/20160128075017/http://www.securitytracker.com/id/1034816 (SecurityTracker, archived)
- https://www.securitytracker.com/id/1034816 (SecurityTracker)