There are multiple vulnerabilities about Cross-Site Scripting (XSS) in
jQuery shipped with RDoc which bundled in Ruby. All Ruby users are
recommended to update Ruby to the latest release which includes the
fixed version of RDoc.
The following vulnerabilities have been reported.
CVE-2012-6708
CVE-2015-9251

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchruby= 2.4.0,1UNKNOWN
FreeBSDanynoarchruby< 2.4.7,1UNKNOWN
FreeBSDanynoarchrubygem-rdoc< 6.1.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	ruby	= 2.4.0,1	UNKNOWN
FreeBSD	any	noarch	ruby	< 2.4.7,1	UNKNOWN
FreeBSD	any	noarch	rubygem-rdoc	< 6.1.2	UNKNOWN

References

www.ruby-lang.org/en/news/2019/08/28/multiple-jquery-vulnerabilities-in-rdoc/

hackerone 1

nessus 38

fortinet 1

archlinux 2

ibm 42

debiancve 2

f5 2

zdt 1

github 2

prion 2

osv 7

cve 4

openvas 5

redhatcve 1

alpinelinux 2

packetstorm 1

ubuntucve 2

ics 3

cloudfoundry 1

attackerkb 1

freebsd 1

exploitdb 1

suse 1

atlassian 3

laminas 2

redhat 10

amazon 2

kitploit 1

oraclelinux 3

rocky 2

thn 1

almalinux 2

centos 1

oracle 9

hackerone

Ruby: Ruby is shipping a vulnerable jQuery

2019-03-30 14:10:34

nessus

FreeBSD : RDoc -- multiple jQuery vulnerabilities (ed8d5535-ca78-11e9-980b-999ff59c22ea)

2019-08-30 00:00:00

IBM BigFix Platform 9.5.x < 9.5.12 Multiple Vulnerabilities

2019-05-03 00:00:00

F5 Networks BIG-IP : jQuery vulnerability (K62532311)

2019-05-29 00:00:00

fortinet

Protect

2019-04-10 00:00:00

archlinux

[ASA-201910-4] ruby-rdoc: cross-site scripting

2019-10-02 00:00:00

[ASA-201910-5] ruby2.5: multiple issues

2019-10-02 00:00:00

ibm

Security Bulletin: IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in jQuery.

2023-02-14 21:04:36

Security Bulletin: IBM CICS TX Standard is vulnerable to multiple vulnerabilities in jQuery.

2023-02-14 21:14:53

Security Bulletin: Multiple security vulnerabilities in Swagger UI affect IBM Business Automation Workflow and IBM Business Process Manager (BPM)

2022-09-14 15:28:14

debiancve

CVE-2012-6708

2018-01-18 23:29:00

CVE-2015-9251

2018-01-18 23:29:00

K62532311 : jQuery vulnerability CVE-2012-6708

2018-11-28 00:00:00

K29562170 : jQuery vulnerability CVE-2015-9251

2020-02-19 00:00:00

zdt

Linksys EA7500 2.0.8.194281 - Cross-Site Scripting Vulnerability

2021-03-24 00:00:00

github

Cross-Site Scripting in jquery

2020-09-01 16:41:46

Cross-Site Scripting (XSS) in jquery

2018-01-22 13:32:06

prion

Cross site scripting

2018-01-18 23:29:00

Cross site scripting

2018-01-18 23:29:00

osv

CVE-2012-6708

2018-01-18 23:29:00

CVE-2015-9251

2018-01-18 23:29:00

Cross-Site Scripting (XSS) in jquery

2018-01-22 13:32:06

cve

CVE-2012-6708

2018-01-18 23:29:00

CVE-2015-9251

2018-01-18 23:29:00

CVE-2017-16011

2018-06-04 19:29:00

openvas

jQuery < 1.9.0 XSS Vulnerability

2018-11-01 00:00:00

jQuery < 3.0.0 XSS Vulnerability

2018-11-01 00:00:00

openSUSE: Security Advisory for Recommended (openSUSE-SU-2020:0395-1)

2020-03-29 00:00:00

redhatcve

CVE-2012-6708

2020-04-08 21:22:26

alpinelinux

CVE-2012-6708

2018-01-18 23:29:00

CVE-2015-9251

2018-01-18 23:29:00

packetstorm

Linksys EA7500 2.0.8.194281 Cross Site Scripting

2021-03-25 00:00:00

ubuntucve

CVE-2012-6708

2018-01-18 00:00:00

CVE-2015-9251

2018-01-18 00:00:00

ics

AVEVA InTouch Access Anywhere

2018-07-31 12:00:00

Pepperl+Fuchs WirelessHART-Gateway

2022-04-07 12:00:00

Philips Vue PACS (Update C)

2023-02-21 12:00:00

cloudfoundry

CVE-2015-9251: UAA contains vulnerable jQuery version | Cloud Foundry

2019-07-08 00:00:00

attackerkb

CVE-2015-9251

2018-01-18 00:00:00

freebsd

rt -- XSS via jQuery

2019-03-05 00:00:00

exploitdb

Linksys EA7500 2.0.8.194281 - Cross-Site Scripting

2021-03-25 00:00:00

suse

2020-03-28 00:00:00

atlassian

Jira uses vulnerable jQuery version CVE-2015-9251

2020-04-20 13:29:57

The jQuery version used in JIRA needs to be updated

2015-05-18 09:31:54

Update jQuery to avoid CVE-2020-11022, CVE-2020-11023, and CVE-2015-9251

2021-02-16 18:28:38

laminas

XSS and RCE vectors in laminas-api-tools/api-tools-documentation-swagger

2020-04-01 21:30:00

XSS vectors in laminas-api-tools/api-tools

2020-04-01 21:30:00

redhat

(RHSA-2020:0481) Important: Red Hat JBoss Fuse/A-MQ 6.3 R15 security and bug fix update

2020-02-12 15:24:44

(RHSA-2020:0729) Important: Red Hat Data Grid 7.3.5 security update

2020-03-05 13:05:49

(RHSA-2020:4670) Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update

2020-11-03 12:25:36

amazon

Important: ruby24

2020-08-26 23:09:00

Medium: ipa

2020-10-22 17:40:00

kitploit

CATSploit - An Automated Penetration Testing Tool Using Cyber Attack Techniques Scoring

2024-01-08 11:30:00

oraclelinux

ipa security, bug fix, and enhancement update

2020-10-06 00:00:00

idm:DL1 and idm:client security, bug fix, and enhancement update

2020-11-10 00:00:00

pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update

2020-11-10 00:00:00

rocky

idm:DL1 and idm:client security, bug fix, and enhancement update

2020-11-03 12:25:36

pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update

2020-11-03 12:29:58

thn

Critical Flaws Reported in Philips Vue PACS Medical Imaging Systems

2021-07-09 07:00:00

almalinux

Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update

2020-11-03 12:25:36

Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update

2020-11-03 12:29:58

centos

ipa, python2 security update

2020-10-20 18:15:27

oracle

Oracle Critical Patch Update Advisory - October 2019

2020-01-22 00:00:00

Oracle Critical Patch Update Advisory - January 2019

2019-01-15 00:00:00

Oracle Critical Patch Update Advisory - April 2019

2019-04-16 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.7%

JSON

Related for ED8D5535-CA78-11E9-980B-999FF59C22EA