CVE-2013-0256

Published: Mar 1, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

RHSA-2013:0701

vendor-advisory

x_refsource_REDHAT

http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/

x_refsource_CONFIRM

52774

third-party-advisory

x_refsource_SECUNIA

openSUSE-SU-2013:0303

vendor-advisory

x_refsource_SUSE

http://blog.segment7.net/2013/02/06/rdoc-xss-vulnerability-cve-2013-0256-releases-3-9-5-3-12-1-4-0-0-rc-2

x_refsource_MISC

RHSA-2013:0728

vendor-advisory

x_refsource_REDHAT

RHSA-2013:0686

vendor-advisory

x_refsource_REDHAT

https://github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60

x_refsource_CONFIRM

RHSA-2013:0548

vendor-advisory

x_refsource_REDHAT

USN-1733-1

vendor-advisory

x_refsource_UBUNTU

https://bugzilla.redhat.com/show_bug.cgi?id=907820

x_refsource_MISC

SUSE-SU-2013:0647

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2013-0256

Description

Affected Products

References