CVE-2013-6416: actionpack Cross-site Scripting vulnerability

CVSS Score
4.3

Basic Information

EPSS Score
0.46484%
Published
10/24/2017
Updated
7/26/2023
KEV Status
No
Technology
Ruby

Technical Details

CVSS Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Package Name   Ecosystem   Vulnerable Versions   First Patched Version
actionpack     rubygems    >= 4.0.0, < 4.0.2     4.0.2

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from how simple_format handled the html_options parameter when generating HTML tags. The pre-patch code passed options[:sanitize] as the escape flag for content, conflating content sanitization with attribute escaping. This allowed unescaped, user-controlled attributes (e.g., event handlers) to be rendered directly into the HTML output. The fix removed this flawed logic and ensured attributes are properly escaped by default via Rails' content_tag handling, as shown in the commit diff modifying the content_tag invocation.
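As an added illustration (written for this note, not Rails' own code or Miggo's analysis), a simplified model of the content_tag escape flag shows why reusing options[:sanitize] as that flag left attributes unescaped; model_content_tag, vulnerable_simple_format and fixed_simple_format are hypothetical names that stand in for the real helpers.

```ruby
require "cgi"

# Simplified model of the content_tag/tag_options contract: the `escape`
# flag decides whether attribute VALUES are HTML-escaped before emission.
# Illustration only, not the Rails implementation.
def model_content_tag(name, content, html_options = {}, escape = true)
  attrs = html_options.map do |key, value|
    value = CGI.escapeHTML(value.to_s) if escape
    %( #{key}="#{value}")
  end.join
  "<#{name}#{attrs}>#{content}</#{name}>"
end

# Pre-patch shape (CVE-2013-6416): the content-sanitisation option is reused
# as the attribute-escape flag. options[:sanitize] is usually absent (nil) or
# explicitly false, so attributes are emitted without escaping.
def vulnerable_simple_format(text, html_options = {}, options = {})
  paragraph = options.fetch(:sanitize, true) ? CGI.escapeHTML(text) : text
  model_content_tag(:p, paragraph, html_options, options[:sanitize])
end

# Post-patch shape: attribute escaping keeps its default (true);
# content sanitisation remains a separate decision.
def fixed_simple_format(text, html_options = {}, options = {})
  paragraph = options.fetch(:sanitize, true) ? CGI.escapeHTML(text) : text
  model_content_tag(:p, paragraph, html_options)
end

# Constructed user-controlled attribute value that closes the quote early.
TAINTED_CLASS = 'note" onmouseover="run()'

# Render the same input through both shapes for comparison.
def demo
  {
    vulnerable: vulnerable_simple_format("hello", class: TAINTED_CLASS),
    fixed:      fixed_simple_format("hello", class: TAINTED_CLASS),
  }
end

if __FILE__ == $0
  demo.each { |label, html| puts "#{label}: #{html}" }
end
```

The vulnerable shape emits the quote character as-is, so the injected event-handler attribute becomes part of the tag, while the fixed shape renders it as `&quot;` inside the class value.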

Vulnerable functions


WAF Protection Rules

WAF Rule

Cross-site scripting (XSS) vulnerability in the simple_format helper in `actionpack/lib/action_view/helpers/text_helper.rb` in Ruby on Rails 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML attribute.
