Veracode Vulnerability DatabaseVERACODE:24602Cross-Site Scripting (XSS)
0.003 Low
EPSS
Percentile
70.7%
ruby is vulnerable to cross-site scripting (XSS). A cross-site scripting (XSS) flaw was found in the way WEBrick displayed error pages. A remote attacker could use this flaw to perform a cross-site scripting attack against victims by tricking them into visiting a specially-crafted URL.
References
lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
secunia.com/advisories/40220
support.apple.com/kb/HT4188
www.mandriva.com/security/advisories?name=MDVSA-2011:097
www.mandriva.com/security/advisories?name=MDVSA-2011:098
www.redhat.com/support/errata/RHSA-2011-0908.html
www.redhat.com/support/errata/RHSA-2011-0909.html
www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection/
www.ruby-lang.org/en/news/2010/08/16/xss-in-webrick-cve-2010-0541/
www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/
www.ruby-lang.org/en/news/2011/02/18/fileutils-is-vulnerable-to-symlink-race-attacks/
www.securityfocus.com/bid/40871
www.securityfocus.com/bid/40895
www.vupen.com/english/advisories/2010/1481
access.redhat.com/errata/RHSA-2011:0909
access.redhat.com/security/updates/classification/#moderate
Related
