CVE-2013-0256 rubygem-rdoc: Cross-site scripting in the documentation created by Darkfish Rdoc HTML generator / template
Published: February 06, 2013
SECURITY IDENTIFIERS
- CVE: CVE-2013-0256 (NVD)
- GHSA: GHSA-v2r9-c84j-v7xm
- OSVDB: OSVDB-90004
GEM
SEVERITY
CVSS v2.0: 4.3 (Medium)
PATCHED VERSIONS
~> 3.9.5
~> 3.12.1
>= 4.0
DESCRIPTION
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.