CVE-2013-0256

CVSS v2.0 4.3 (Medium)

EPSS 0.38 % (74^th)

Affected Products 3

Advisories 5

darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

Weaknesses

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2013-03-01 05:40:17
(11 years ago)
Updated Date: 2021-09-09 12:28:13
(3 years ago)

Affected Products

Canonical

Ubuntu Linux

Ruby-lang

Rdoc
Ruby

Configuration #1

	CPE23	From	Up To
Ruby-lang Rdoc for Ruby from 2.3.0 version and prior 3.12 version	cpe:2.3:a:ruby-lang:rdoc::::::ruby	>= 2.3.0	< 3.12
Ruby-lang Rdoc 4.0.0 Preview2 for Ruby	cpe:2.3:a:ruby-lang:rdoc:4.0.0:preview2:::*:ruby
Ruby-lang Ruby 1.9	cpe:2.3:a:ruby-lang:ruby:1.9
Ruby-lang Ruby 1.9.1	cpe:2.3:a:ruby-lang:ruby:1.9.1
Ruby-lang Ruby 1.9.2	cpe:2.3:a:ruby-lang:ruby:1.9.2
Ruby-lang Ruby 1.9.3	cpe:2.3:a:ruby-lang:ruby:1.9.3
Ruby-lang Ruby 1.9.3 P0	cpe:2.3:a:ruby-lang:ruby:1.9.3:p0
Ruby-lang Ruby 1.9.3 P125	cpe:2.3:a:ruby-lang:ruby:1.9.3:p125
Ruby-lang Ruby 1.9.3 P194	cpe:2.3:a:ruby-lang:ruby:1.9.3:p194
Ruby-lang Ruby 1.9.3 P286	cpe:2.3:a:ruby-lang:ruby:1.9.3:p286
Ruby-lang Ruby 1.9.3 P383	cpe:2.3:a:ruby-lang:ruby:1.9.3:p383
Ruby-lang Ruby 2.0	cpe:2.3:a:ruby-lang:ruby:2.0
Ruby-lang Ruby 2.0.0	cpe:2.3:a:ruby-lang:ruby:2.0.0
Ruby-lang Ruby 2.0.0 Rc1	cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1
Ruby-lang Ruby 2.0.0 Rc2	cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2

Configuration #2

		CPE23	From	Up To
	Canonical Ubuntu Linux 12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04:::*:-
	Canonical Ubuntu Linux 12.10	cpe:2.3:o:canonical:ubuntu_linux:12.10