Cross-Site Scripting (XSS) In Darkfish.js

🗓️ 15 Jan 2019 08:51:23Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 25 Views

Darkfish.js RDoc XSS vulnerabilit

Reporter	Title	Published	Views	Family All 57
Circl	CVE-2013-0256	15 Feb 202601:21	–	circl
CVE	CVE-2013-0256	1 Mar 201302:00	–	cve
Cvelist	CVE-2013-0256	1 Mar 201302:00	–	cvelist
FreeBSD	Ruby -- XSS exploit of RDoc documentation generated by rdoc	6 Feb 201300:00	–	freebsd
Debian	[SECURITY] [DLA 235-1] ruby1.9.1 security update	30 May 201520:45	–	debian
Tenable Nessus	Debian DLA-235-1 : ruby1.9.1 security update	1 Jun 201500:00	–	nessus
Tenable Nessus	Fedora 18 : rubygem-rdoc-3.12-6.fc18 (2013-2131)	8 May 201300:00	–	nessus
Tenable Nessus	Fedora 17 : rubygem-rdoc-3.12-5.fc17 (2013-2143)	8 May 201300:00	–	nessus
Tenable Nessus	FreeBSD : Ruby -- XSS exploit of RDoc documentation generated by rdoc (d3e96508-056b-4259-88ad-50dc8d1978a6)	17 Feb 201300:00	–	nessus
Tenable Nessus	openSUSE Security Update : rubygem-rdoc (openSUSE-SU-2013:0303-1)	13 Jun 201400:00	–	nessus

Vulners

Node

rubygem-json rubygem-jsonMatch1.4.6_13.el6op

rubygem-json rubygem-jsonMatch1.4.6_10.el6

rubygem-json rubygem-jsonMatch1.4.6_4.el6

rubygem-json rubygem-jsonMatch1.4.6_1.el6

rubygem-rdoc rubygem-rdocMatch3.8_3.el6

rubygem-rdoc rubygem-rdocMatch3.8_6.el6op

rubygem-rdoc rubygem-rdocMatch3.8_6.el6cf

rubygem-rdoc rubygem-rdocMatch3.8_4.el6

ruby193-ruby ruby193-rubyMatch1.9.3.327_25.el6

ruby193-ruby ruby193-rubyMatch1.9.3.194_23.el6

ruby193-rubygem-ci_reporter ruby193-rubygem-ci_reporterMatch1.7.2_3.el6op

ruby193-rubygem-rack ruby193-rubygem-rackMatch1.4.1_4.el6

ruby193-rubygem-rack ruby193-rubygem-rackMatch1.4.1_2.el6

ruby193-rubygem-haml ruby193-rubygem-hamlMatch3.1.7_2.el6op

ruby193-rubygem-rspec ruby193-rubygem-rspecMatch2.11.0_1.el6

ruby193-rubygem-fastthread ruby193-rubygem-fastthreadMatch1.0.7_6.el6op

ruby193-rubygem-activesupport ruby193-rubygem-activesupportMatch3.2.8_3.el6

ruby193-rubygem-activesupport ruby193-rubygem-activesupportMatch3.2.8_2.el6

ruby193-rubygem-rack-test ruby193-rubygem-rack-testMatch0.6.1_2.el6

ruby193-rubygem-bson ruby193-rubygem-bsonMatch1.5.2_5.el6op

ruby193-rubygem-xml-simple ruby193-rubygem-xml-simpleMatch1.0.12_9.el6op

ruby193-rubygem-compass ruby193-rubygem-compassMatch0.12.2_3.el6op

ruby193-rubygem-chunky_png ruby193-rubygem-chunky_pngMatch1.2.6_1.el6op

ruby193-rubygem-bcrypt-ruby ruby193-rubygem-bcrypt-rubyMatch3.0.1_6.el6

ruby193-rubygem-treetop ruby193-rubygem-treetopMatch1.4.10_5.el6

ruby193-rubygem-http_connection ruby193-rubygem-http_connectionMatch1.4.1_6.el6

rubygem-actionpack rubygem-actionpackMatch3.0.10_10.el6cf

rubygem-actionpack rubygem-actionpackMatch3.0.10_11.el6cf

rubygem-actionpack rubygem-actionpackMatch3.0.10_3.1.el6

rubygem-actionpack rubygem-actionpackMatch3.0.10_1.el6

rubygem-rack rubygem-rackMatch1.3.0_3.el6cf

rubygem-rack rubygem-rackMatch1.1.0_2.el6

rubygem-rack rubygem-rackMatch1.3.0_2.el6

rubygem-rack rubygem-rackMatch1.3.0_1.el6

rubygem-rack rubygem-rackMatch1.3.0_3.el6op

candlepinproject candlepinMatch0.7.19_3.el6cf

candlepinproject candlepinMatch0.5.26_1.el6

candlepinproject candlepinMatch0.7.8.1_1.el6cf

candlepinproject candlepinMatch0.7.23_1.el6_3

candlepinproject candlepinMatch0.5.21_1.el6

candlepinproject candlepinMatch0.6.5_1.el6_2

thumbslug thumbslugMatch0.0.28_1.el6_3

thumbslug thumbslugMatch0.0.21_1.el6

thumbslug thumbslugMatch0.0.24_1.el6_2

rubygem-activemodel rubygem-activemodelMatch3.0.10_1.el6

katello katelloMatch0.1.238_3.el6

katello katelloMatch0.1.311_1.el6_2

katello katelloMatch0.3.3_1.el6_2

katello katelloMatch0.3.4_1.el6_2

katello katelloMatch1.1.12.2_5.el6cf

katello katelloMatch0.1.307_1.el6

katello katelloMatch0.1.318_1.el6cf

katello katelloMatch0.1.320_1.el6cf

katello katelloMatch1.1.12_22.el6cf

rubygem-rails_warden rubygem-rails_wardenMatch0.5.5_1.el6

katello katello-configureMatch0.1.64_7.el6

katello katello-configureMatch0.3.7_1.el6_2

katello katello-configureMatch1.1.9_13.el6cf

katello katello-configureMatch1.1.9_12.el6cf

katello katello-configureMatch0.1.111_1.el6cf

katello katello-configureMatch0.1.107_1.el6

rubygem-delayed_job rubygem-delayed_jobMatch2.1.4_2.el6cf

rubygem-delayed_job rubygem-delayed_jobMatch2.1.4_1.el6

rubygem-activesupport rubygem-activesupportMatch3.0.10_7.el6cf

rubygem-activesupport rubygem-activesupportMatch3.0.10_4.el6cf

rubygem-activesupport rubygem-activesupportMatch3.0.10_5.el6cf

rubygem-activesupport rubygem-activesupportMatch3.0.10_3.el6

rubygem-activesupport rubygem-activesupportMatch3.0.10_9.el6cf

rubygem-activesupport rubygem-activesupportMatch3.0.10_1.el6

rubygem-shoulda rubygem-shouldaMatch2.11.3_1.el6

rubygem-shoulda rubygem-shouldaMatch2.11.3_4.el6

rubygem-ruby_parser rubygem-ruby_parserMatch2.0.4_5.el6op

rubygem-ruby_parser rubygem-ruby_parserMatch2.0.4_4.el6

rubygem-rspec-rails rubygem-rspec-railsMatch2.6.1_6.el6_2

Source	Link
secunia	www.secunia.com/advisories/52774
rhn	www.rhn.redhat.com/errata/RHSA-2013-0701.html
access	www.access.redhat.com/security/updates/classification/
blog	www.blog.segment7.net/2013/02/06/rdoc-xss-vulnerability-cve-2013-0256-releases-3-9-5-3-12-1-4-0-0-rc-2
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
github	www.github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60
ruby-lang	www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/
lists	www.lists.opensuse.org/opensuse-updates/2013-02/msg00048.html
rhn	www.rhn.redhat.com/errata/RHSA-2013-0548.html
rhn	www.rhn.redhat.com/errata/RHSA-2013-0686.html

15 May 2019 06:18Current

5.2Medium risk

Vulners AI Score5.2

CVSS 24.3

EPSS0.02671