FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2013-0256

This CVE name corresponds to:

Entered: 2013-02-16
Topic: Ruby -- XSS exploit of RDoc documentation generated by rdoc

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2013-0256
Phase: Assigned (20121206)

Description

darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

References

Source Reference
MISC http://blog.segment7.net/2013/02/06/rdoc-xss-vulnerability-cve-2013-0256-releases-3-9-5-3-12-1-4-0-0-rc-2
MISC https://bugzilla.redhat.com/show_bug.cgi?id=907820
CONFIRM http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/
CONFIRM https://github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60
REDHAT RHSA-2013:0548
REDHAT RHSA-2013:0686
REDHAT RHSA-2013:0701
REDHAT RHSA-2013:0728
SUSE openSUSE-SU-2013:0303
SUSE SUSE-SU-2013:0647
UBUNTU USN-1733-1
SECUNIA 52774