---
gem: actionpack
framework: rails
cve: 2013-1855
osvdb: 91452
url: https://nvd.nist.gov/vuln/detail/CVE-2013-1855
title: XSS vulnerability in sanitize_css in Action Pack
date: 2013-03-19

description: |
  There is an XSS vulnerability in the `sanitize_css` method in Action
  Pack. Carefully crafted text can bypass the sanitization provided in
  the `sanitize_css` method in Action Pack

cvss_v2: 4.3

patched_versions:
  - ~> 2.3.18
  - ~> 3.1.12
  - ">= 3.2.13"