Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:10732
HistoryJan 15, 2019 - 8:51 a.m.

Cross-Site Scripting (XSS) In Darkfish.js

2019-01-1508:51:23
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

Related

fedora 2
openvas 7
nessus 10
cve 1
github 1
prion 1
hackerone 2
ubuntucve 1
freebsd 1
redhat 3
osv 2
rubygems 1
suse 1
securityvulns 2
ubuntu 1
debian 1
veracode 2
fedora
fedora
[SECURITY] Fedora 18 Update: rubygem-rdoc-3.12-6.fc18
2013-05-07 18:36:41
[SECURITY] Fedora 17 Update: rubygem-rdoc-3.12-5.fc17
2013-05-07 18:25:46
openvas
openvas
Fedora Update for rubygem-rdoc FEDORA-2013-2131
2013-05-09 00:00:00
Fedora Update for rubygem-rdoc FEDORA-2013-2143
2013-05-09 00:00:00
Fedora Update for rubygem-rdoc FEDORA-2013-2143
2013-05-09 00:00:00
nessus
nessus
Fedora 17 : rubygem-rdoc-3.12-5.fc17 (2013-2143)
2013-05-08 00:00:00
RHEL 6 : rubygem packages (RHSA-2013:0728)
2018-12-06 00:00:00
FreeBSD : Ruby -- XSS exploit of RDoc documentation generated by rdoc (d3e96508-056b-4259-88ad-50dc8d1978a6)
2013-02-17 00:00:00
cve
cve
CVE-2013-0256
2013-03-01 05:40:00
github
github
RDoc contains XSS vulnerability
2017-10-24 18:33:37
prion
prion
Cross site scripting
2013-03-01 05:40:00
hackerone
hackerone
Ruby: XSS exploit of RDoc documentation generated by rdoc
2021-08-27 12:35:33
Ruby: XSS exploit of RDoc documentation generated by rdoc (CVE-2013-0256)
2023-05-08 13:58:42
ubuntucve
ubuntucve
CVE-2013-0256
2013-02-06 00:00:00
freebsd
freebsd
Ruby -- XSS exploit of RDoc documentation generated by rdoc
2013-02-06 00:00:00
redhat
redhat
(RHSA-2013:0728) Moderate: rubygem packages security update
2013-04-09 00:00:00
(RHSA-2013:0701) Moderate: ruby193-ruby, rubygem-json and rubygem-rdoc security update
2013-04-02 00:00:00
(RHSA-2013:0686) Moderate: Subscription Asset Manager 1.2.1 update
2013-03-26 00:00:00
osv
osv
RDoc contains XSS vulnerability
2017-10-24 18:33:37
ruby1.9.1 - security update
2015-05-30 00:00:00
rubygems
rubygems
CVE-2013-0256 rubygem-rdoc: Cross-site scripting in the documentation created by Darkfish Rdoc HTML generator / template
2013-02-05 20:00:00
suse
suse
Security update for Ruby 1.9 (important)
2013-04-09 19:05:05
securityvulns
securityvulns
[USN-1733-1] Ruby vulnerabilities
2013-02-24 00:00:00
Ruby multiple security vulnerabilities
2013-02-24 00:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2013-02-21 00:00:00
debian
debian
[SECURITY] [DLA 235-1] ruby1.9.1 security update
2015-05-30 20:45:15
veracode
veracode
Arbitrary Code Execution
2019-05-02 04:44:25
Input Validation Bypass
2019-05-02 04:44:16

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON
Related for VERACODE:10732
fedora2openvas7nessus10cve1github1prion1hackerone2ubuntucve1freebsd1redhat3osv2rubygems1suse1securityvulns2ubuntu1debian1veracode2