CVE-2010-1330

2012-11-23T19:55:00
ID CVE-2010-1330
Type cve
Reporter cve@mitre.org
Modified 2017-08-17T01:32:00

Description

The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.