[RUBYSEC:RDOC-2013-0256] CVE-2013-0256 rubygem-rdoc: Cross-site scripting in the documentation created by Darkfish Rdoc HTML generator / template
Severity
Medium
Affected Packages
1
Fixed Packages
3
CVEs
1
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1,
as used in Ruby, does not properly generate documents, which allows remote attackers
to conduct cross-site scripting (XSS) attacks via a crafted URL.
Package | Affected Version |
---|---|
pkg:gem/rdoc | < 4.0 |
Package | Fixed Version |
---|---|
pkg:gem/rdoc | = 3.9.5 |
pkg:gem/rdoc | = 3.12.1 |
pkg:gem/rdoc | >= 4.0 |
- ID
- RUBYSEC:RDOC-2013-0256
- Severity
- medium
- URL
- https://nvd.nist.gov/vuln/detail/CVE-2013-0256
- Published
-
2013-02-06T00:00:00
(11 years ago) - Modified
-
2023-05-15T17:49:04
(16 months ago) - Rights
- RubySec Security Team
- Other Advisories
Source | # ID | Name | URL |
---|---|---|---|
Security Advisory | GHSA-v2r9-c84j-v7xm | https://github.com/advisories/GHSA-v2r9-c84j-v7xm |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |