4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
57.8%
Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript:
URI.
seclists.org/fulldisclosure/2014/Dec/50
www.debian.org/security/2015/dsa-3168
co3k.org/blog/redcloth-unfixed-xss-en
gist.github.com/co3k/75b3cb416c342aa1414c
github.com/rubysec/ruby-advisory-db/blob/master/gems/RedCloth/CVE-2012-6684.yml
nvd.nist.gov/vuln/detail/CVE-2012-6684
web.archive.org/web/20150128115714/jgarber.lighthouseapp.com/projects/13054-redcloth/tickets/243-xss