CVE-2013-0256

medium

Description

darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

References

https://github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60

https://bugzilla.redhat.com/show_bug.cgi?id=907820

http://www.ubuntu.com/usn/USN-1733-1

http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/

http://secunia.com/advisories/52774

http://rhn.redhat.com/errata/RHSA-2013-0728.html

http://rhn.redhat.com/errata/RHSA-2013-0701.html

http://rhn.redhat.com/errata/RHSA-2013-0686.html

http://rhn.redhat.com/errata/RHSA-2013-0548.html

http://lists.opensuse.org/opensuse-updates/2013-02/msg00048.html

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html

http://blog.segment7.net/2013/02/06/rdoc-xss-vulnerability-cve-2013-0256-releases-3-9-5-3-12-1-4-0-0-rc-2

Details

Source: Mitre, NVD

Published: 2013-03-01

Updated: 2021-09-09

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N