CVE

CVE-2013-0256
Date: (C)2013-03-01   (M)2023-12-22


darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECUNIA-52774
RHSA-2013:0548
RHSA-2013:0686
RHSA-2013:0701
RHSA-2013:0728
SUSE-SU-2013:0647
USN-1733-1
http://blog.segment7.net/2013/02/06/rdoc-xss-vulnerability-cve-2013-0256-releases-3-9-5-3-12-1-4-0-0-rc-2
http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/
https://bugzilla.redhat.com/show_bug.cgi?id=907820
https://github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60
openSUSE-SU-2013:0303

CPE    14
cpe:/a:ruby-lang:ruby:1.9.3:p0
cpe:/a:ruby-lang:ruby:1.9.3:p194
cpe:/a:ruby-lang:ruby:1.9.3:p383
cpe:/a:ruby-lang:ruby:2.0.0
...
CWE    1
CWE-79
OVAL    3
oval:org.secpod.oval:def:104882
oval:org.secpod.oval:def:104881
oval:org.secpod.oval:def:701179

© SecPod Technologies