CVE-2013-0256

Ruby-lang Rdoc < 3.12 - XSS

Title source: rule

Description

darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

References (12)

Scores

EPSS 0.0358
EPSS Percentile 87.6%

Details

CWE
CWE-79
Status published
Products (19)
ruby-lang/rdoc < 3.12
ruby-lang/rdoc
ruby-lang/ruby
ruby-lang/ruby
ruby-lang/ruby
ruby-lang/ruby
ruby-lang/ruby
ruby-lang/ruby
ruby-lang/ruby
ruby-lang/ruby
... and 9 more
Published Mar 01, 2013
Tracked Since Feb 18, 2026