CVE-2013-0256

darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
Cross-site Scripting
Severity
UNKNOWN
AV:N/AC:M/Au:N/C:N/I:P/A:N
Atk. Vector
NETWORK
Atk. Complexity
MEDIUM
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
ruby-langrdoc
2.3.0 ≤
𝑥
< 3.12
ruby-langrdoc
4.0.0
ruby-langruby
1.9
ruby-langruby
1.9.1
ruby-langruby
1.9.2
ruby-langruby
1.9.3
ruby-langruby
1.9.3
ruby-langruby
1.9.3
ruby-langruby
1.9.3
ruby-langruby
1.9.3
ruby-langruby
1.9.3
ruby-langruby
2.0
ruby-langruby
2.0.0
ruby-langruby
2.0.0
ruby-langruby
2.0.0
canonicalubuntu_linux
12.04
canonicalubuntu_linux
12.10
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ruby-defaults
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
not-affected
lucid
not-affected
hardy
ignored
ruby1.8
raring
ignored
quantal
ignored
precise
ignored
oneiric
ignored
lucid
ignored
hardy
ignored
ruby1.9
raring
dne
quantal
dne
precise
dne
oneiric
dne
maverick
dne
lucid
ignored
hardy
ignored
ruby1.9.1
raring
Fixed 1.9.3.194-7ubuntu1
released
quantal
Fixed 1.9.3.194-1ubuntu1.3
released
precise
Fixed 1.9.3.0-1ubuntu2.5
released
oneiric
ignored
lucid
ignored
hardy
dne