Published: 23/11/2012 Updated: 12/01/2021

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

The regular expression engine in JRuby prior to 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via a crafted string.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jruby jruby 1.3.0
jruby jruby 1.1.6
jruby jruby 1.1
jruby jruby 1.1.2
jruby jruby 1.0.3
jruby jruby 0.9.8
jruby jruby 0.9.2
jruby jruby 1.4.0
jruby jruby 1.3.1
jruby jruby 1.1.1
jruby jruby 1.0.2
jruby jruby 1.0.0
jruby jruby 1.2.0
jruby jruby 1.1.4
jruby jruby 1.1.5
jruby jruby 1.0.1
jruby jruby 0.9.0
jruby jruby
jruby jruby 1.1.3
jruby jruby 0.9.9
jruby jruby 0.9.1

CWE-79 http://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html http://secunia.com/advisories/46891 https://bugzilla.redhat.com/show_bug.cgi?id=750306 https://bugs.gentoo.org/show_bug.cgi?id=317435 http://rhn.redhat.com/errata/RHSA-2011-1456.html http://www.osvdb.org/77297 https://exchange.xforce.ibmcloud.com/vulnerabilities/80277 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-1330

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect