Description
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
Remediation
References
Related Vulnerabilities
WordPress Plugin Site Offline Or Coming Soon Or Maintenance Mode Security Bypass (1.5.2)
Magento Improper Privilege Management Vulnerability (CVE-2020-9630)
WordPress Plugin Social Auto Poster-WordPress Scheduler & Marketing Cross-Site Scripting (5.3.14)
Drupal Use of Web Browser Cache Containing Sensitive Information Vulnerability (CVE-2025-13083)