Description
Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and actionpack/lib/action_controller/vendor/html-scanner/html/node.rb.
Remediation
References
Related Vulnerabilities
WordPress Plugin CigiCigi Post Guest Cross-Site Scripting (1.0.5)
Oracle Application Server CVE-2008-3986 Vulnerability (CVE-2008-3986)
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2043)
MediaWiki Other Vulnerability (CVE-2013-4567)
WordPress Plugin Translate WordPress-Google Language Translator Cross-Site Scripting (5.0.05)