Description
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
Remediation
References
Related Vulnerabilities
WebLogic CVE-2021-2047 Vulnerability (CVE-2021-2047)
Apache HTTP Server CVE-2012-0053 Vulnerability (CVE-2012-0053)
WordPress Plugin All In One Favicon Cross-Site Scripting (4.6)
Internet Information Services Other Vulnerability (CVE-1999-1538)
WordPress Plugin Activity Log Multiple Cross-Site Scripting Vulnerabilities (2.3.2)