CVE-2013-0256

medium

Description

darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.

References

https://bugzilla.redhat.com/show_bug.cgi?id=907820

http://www.ruby-lang.org/en/news/2013/02/06/rdoc-xss-cve-2013-0256/

https://github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60

http://rhn.redhat.com/errata/RHSA-2013-0548.html

http://blog.segment7.net/2013/02/06/rdoc-xss-vulnerability-cve-2013-0256-releases-3-9-5-3-12-1-4-0-0-rc-2

http://lists.opensuse.org/opensuse-updates/2013-02/msg00048.html

http://www.ubuntu.com/usn/USN-1733-1

http://secunia.com/advisories/52774

http://rhn.redhat.com/errata/RHSA-2013-0686.html

http://rhn.redhat.com/errata/RHSA-2013-0701.html

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html

http://rhn.redhat.com/errata/RHSA-2013-0728.html

Details

Source: MITRE

Published: 2013-03-01

Updated: 2021-09-09

Type: CWE-79

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

ID | Name | Product | Family | Severity
119438 | RHEL 6 : rubygem packages (RHSA-2013:0728) | Nessus | Red Hat Local Security Checks | medium
119437 | RHEL 6 : ruby193-ruby, rubygem-json and rubygem-rdoc (RHSA-2013:0701) | Nessus | Red Hat Local Security Checks | high
83907 | Debian DLA-235-1 : ruby1.9.1 security update | Nessus | Debian Local Security Checks | medium
74909 | openSUSE Security Update : ruby19 (openSUSE-SU-2013:0376-1) | Nessus | SuSE Local Security Checks | medium
74894 | openSUSE Security Update : rubygem-rdoc (openSUSE-SU-2013:0303-1) | Nessus | SuSE Local Security Checks | medium
66338 | Fedora 17 : rubygem-rdoc-3.12-5.fc17 (2013-2143) | Nessus | Fedora Local Security Checks | medium
66337 | Fedora 18 : rubygem-rdoc-3.12-6.fc18 (2013-2131) | Nessus | Fedora Local Security Checks | medium
65904 | RHEL 6 : Subscription Asset Manager (RHSA-2013:0686) | Nessus | Red Hat Local Security Checks | high
64799 | Ubuntu 12.04 LTS / 12.10 : ruby1.9.1 vulnerabilities (USN-1733-1) | Nessus | Ubuntu Local Security Checks | high
64646 | FreeBSD : Ruby -- XSS exploit of RDoc documentation generated by rdoc (d3e96508-056b-4259-88ad-50dc8d1978a6) | Nessus | FreeBSD Local Security Checks | medium