CVE-2013-0256

Опубликовано: 06 фев. 2013

Источник: redhat

CVSS2: 5

Описание

darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
OpenShift Enterprise 1	rubygem-haml	Affected
Red Hat CloudForms Tools 1	rubygem-haml	Affected
Red Hat CloudForms Tools 1	rubygem-rdoc	Will not fix
Red Hat Enterprise MRG 2	rubygem-haml	Affected
Red Hat Subscription Asset Manager	rubygem-haml	Affected
CloudForms for RHEL 6	rubygem-activesupport	Fixed	RHSA-2013:0548	21.02.2013
CloudForms for RHEL 6	rubygem-delayed_job	Fixed	RHSA-2013:0548	21.02.2013
CloudForms for RHEL 6	rubygem-nokogiri	Fixed	RHSA-2013:0548	21.02.2013
CloudForms for RHEL 6	rubygem-rack	Fixed	RHSA-2013:0548	21.02.2013
CloudForms for RHEL 6	rubygem-rails_warden	Fixed	RHSA-2013:0548	21.02.2013

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-79

https://bugzilla.redhat.com/show_bug.cgi?id=907820rubygem-rdoc: Cross-site scripting in the documentation created by Darkfish Rdoc HTML generator / template

5 Medium

CVSS2