Description
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
Remediation
References
Related Vulnerabilities
WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.20)
WordPress Plugin Affiliate Ads for Clickbank Products Cross-Site Scripting (1.6)
WordPress Plugin WP User Manager-User Profile Builder & Membership Security Bypass (2.6.2)
Jenkins Insufficient Session Expiration Vulnerability (CVE-2019-1003003)
WordPress Plugin IMPress for IDX Broker Unspecified Vulnerability (2.5.11)