Description

darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

Remediation

References

CVE-2013-0256

Related Vulnerabilities

Envoy Proxy Excessive Iteration Vulnerability (CVE-2021-32778)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-1692)

MySQL CVE-2014-6474 Vulnerability (CVE-2014-6474)

WordPress Plugin Zita Elementor Site Library Arbitrary File Upload (1.6.1)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3680)

Severity

Medium

Classification

CVE-2013-0256 CWE-707

Tags

Missing Update Known Vulnerabilities