CVE-2013-0256 – rdoc

Package

Manager: gem
Name: rdoc
Vulnerable Version: >=2.3.0 <3.12.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.02165 pctl0.83652

Details

RDoc contains XSS vulnerability darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

Metadata

Created: 2017-10-24T18:33:37Z
Modified: 2023-07-05T20:39:56Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-v2r9-c84j-v7xm/GHSA-v2r9-c84j-v7xm.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-v2r9-c84j-v7xm
Finding: F008
Auto approve: 1