64 matches found
Ruby RedCloth library cross-site scripting vulnerability
Ruby is an object-oriented programming language for simple and fast. A cross-site scripting vulnerability in the Ruby RedCloth library allows remote attackers to inject arbitrary web script or HTML via JavaScript...
Textile Link Parsing XSS
RedCloth Gem for Ruby contains a flaw that allows a cross-site scripting XSS attack. This flaw exists because the program does not validate input when parsing textile links before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute...
RedCloth Cross Site Scripting
I disclosed the following advisory about a XSS vulnerability of RedCloth Textile library for Ruby. http://co3k.org/blog/redcloth-unfixed-xss-en You shouldn't use RedCloth to parse user inputted contents and output the parsed string except that you allow your user to write arbitrary JavaScript cod...
CVE-2012-6684 rubygem-RedCloth: XSS vulnerability
Cross-site scripting XSS vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI...