CVE-2013-0256

RDoc 2.3.0-3.12 and 4.x < 4.0.0.preview2.1 - Cross-Site Scripting via darkfish.js

Title source: llm
STIX 2.1

Description

darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

References (12)

Core 12
Core References
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0701.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/52774
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-02/msg00048.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0728.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0686.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0548.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1733-1
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=907820
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html

Scores

EPSS 0.0267
EPSS Percentile 86.0%

Details

CWE
CWE-79
Status published
Products (11)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 12.10
ruby-lang/rdoc 4.0.0 preview2
ruby-lang/rdoc 2.3.0 - 3.12
ruby-lang/ruby 1.9
ruby-lang/ruby 1.9.1
ruby-lang/ruby 1.9.2
ruby-lang/ruby 1.9.3 (6 CPE variants)
ruby-lang/ruby 2.0
ruby-lang/ruby 2.0.0 (3 CPE variants)
... and 1 more
Published Mar 01, 2013
Tracked Since Feb 18, 2026