darkfish.js in RDoc 2.3.0 up to and including 3.12 and 4.x prior to 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via a crafted URL.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ruby-lang rdoc |
||
ruby-lang rdoc 4.0.0 |
||
ruby-lang ruby 1.9 |
||
ruby-lang ruby 1.9.1 |
||
ruby-lang ruby 1.9.2 |
||
ruby-lang ruby 1.9.3 |
||
ruby-lang ruby 2.0 |
||
ruby-lang ruby 2.0.0 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 12.10 |