Launchpad CVE tracker

CVE 2013-0256

darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

Related bugs and status

CVE-2013-0256 (Candidate) is related to these bugs:

Bug #1131493: Please merge ruby1.9.1 1.9.3.194-7 (main) from Debian testing (main)

Summary				In	Importance	Status
	1131493	Please merge ruby1.9.1 1.9.3.194-7 (main) from Debian testing (main)		ruby1.9.1 (Ubuntu)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://blog.segment7.n...
MISC: https://bugzilla.redha...
CONFIRM: http://www.ruby-lang.o...
CONFIRM: https://github.com/rdo...
REDHAT: RHSA-2013:0548
SUSE: openSUSE-SU-2013:0303
UBUNTU: USN-1733-1
REDHAT: RHSA-2013:0686
SECUNIA: 52774
REDHAT: RHSA-2013:0701
REDHAT: RHSA-2013:0728
SUSE: SUSE-SU-2013:0647

Launchpad.net

CVE 2013-0256

Related bugs and status

Related bugs

References