3 matches found
CVE-2010-1330
The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting XSS attacks via a crafted string...
CVE-2010-1330
JRuby prior to 1.4.1 contains an XSS vulnerability in its regex engine when $KCODE is set to 'u'. The flaw occurs because the engine does not properly handle characters immediately after a UTF-8 character, enabling remote attackers to inject crafted strings and execute script in vulnerable contex...
CVE-2010-1330 jruby: XSS in the regular expression engine when processing invalid UTF-8 byte sequences
The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting XSS attacks via a crafted string...