CVE-2013-0256
Description
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
Risk Information
Base Score: 5.4 MODERATE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS Score
Exploitation Probability: 3.584
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2013-0256 are fixed in Ruby-rdoc 3.12.1 | Windows |
| (RHSA-2013:0686) Moderate: Subscription Asset Manager 1.2.1 update candlepin-0.7.24-1.el6_3.noarch.rpm | Linux |
| (RHSA-2013:0686) Moderate: Subscription Asset Manager 1.2.1 update candlepin-devel-0.7.24-1.el6_3.noarch.rpm | Linux |
| (RHSA-2013:0686) Moderate: Subscription Asset Manager 1.2.1 update candlepin-selinux-0.7.24-1.el6_3.noarch.rpm | Linux |
| (RHSA-2013:0686) Moderate: Subscription Asset Manager 1.2.1 update candlepin-tomcat6-0.7.24-1.el6_3.noarch.rpm | Linux |
| (RHSA-2013:0686) Moderate: Subscription Asset Manager 1.2.1 update katello-common-1.2.1.1-1h.el6_4.noarch.rpm | Linux |
| (RHSA-2013:0686) Moderate: Subscription Asset Manager 1.2.1 update katello-configure-1.2.3.1-4h.el6_4.noarch.rpm | Linux |
| (RHSA-2013:0686) Moderate: Subscription Asset Manager 1.2.1 update katello-glue-candlepin-1.2.1.1-1h.el6_4.noarch.rpm | Linux |
| (RHSA-2013:0686) Moderate: Subscription Asset Manager 1.2.1 update katello-headpin-1.2.1.1-1h.el6_4.noarch.rpm | Linux |
| (RHSA-2013:0686) Moderate: Subscription Asset Manager 1.2.1 update katello-headpin-all-1.2.1.1-1h.el6_4.noarch.rpm | Linux |
| (RHSA-2013:0686) Moderate: Subscription Asset Manager 1.2.1 update rubygem-json-1.7.3-2.el6_3.x86_64.rpm | Linux |
| (RHSA-2013:0686) Moderate: Subscription Asset Manager 1.2.1 update thumbslug-0.0.28.1-1.el6_4.noarch.rpm | Linux |
| (RHSA-2013:0686) Moderate: Subscription Asset Manager 1.2.1 update thumbslug-selinux-0.0.28.1-1.el6_4.noarch.rpm | Linux |
| Vulnerabilities CVE-2013-0256 are fixed in Ruby-rdoc for Linux 3.12.1 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234