[RUBYSEC:RDOC-2013-0256] CVE-2013-0256 rubygem-rdoc: Cross-site scripting in the documentation created by Darkfish Rdoc HTML generator / template
Severity
Medium
Affected Packages
1
Fixed Packages
3
CVEs
1
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1,
as used in Ruby, does not properly generate documents, which allows remote attackers
to conduct cross-site scripting (XSS) attacks via a crafted URL.
| Package | Affected Version |
|---|---|
 pkg:gem/rdoc
|
< 4.0 |
| Package | Fixed Version |
|---|---|
|
pkg:gem/rdoc
|
= 3.9.5 |
|
pkg:gem/rdoc
|
= 3.12.1 |
|
pkg:gem/rdoc
|
>= 4.0 |
- ID
- RUBYSEC:RDOC-2013-0256
- Severity
- medium
- URL
- https://nvd.nist.gov/vuln/detail/CVE-2013-0256
- Published
-
2013-02-06T00:00:00
(11 years ago) - Modified
-
2023-05-15T17:49:04
(16 months ago) - Rights
- RubySec Security Team
- Other Advisories
FEDORA-2013-2131
FREEBSD:D3E96508-056B-4259-88AD-50DC8D1978A6
USN-1733-1| Source | # ID | Name | URL |
|---|---|---|---|
| Security Advisory | GHSA-v2r9-c84j-v7xm |
|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |