Red Hat Bugzilla – Bug 1301920
CVE-2015-7578 rails-html-sanitizer: XSS vulnerability due to unremoved attributes from tags
Last modified: 2016-11-08 10:58:29 EST
There is a possible XSS vulnerability in rails-html-sanitizer. Certain
attributes are not removed from tags when they are sanitized, and these
attributes can lead to an XSS attack on target applications.
Upstream bug report:
Created rubygem-rails-html-sanitizer tracking bugs for this issue:
Affects: fedora-all [bug 1301921]
rubygem-rails-html-sanitizer-1.0.1-2.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
rubygem-rails-html-sanitizer-1.0.3-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.