Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2012-6684
Last Modified: 17 Mar 2015 09:59:16
Published: 07 Jan 2015 08:59:01
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-6684

Summary

Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI.

Vulnerable Systems

Application

  • RedCloth Library 4.2.9


References

MISC - https://gist.github.com/co3k/75b3cb416c342aa1414c

FULLDISC - 20141211 RedCloth contains unfixed XSS vulnerability for 9 years

MISC - http://jgarber.lighthouseapp.com/projects/13054-redcloth/tickets/243-xss

MISC - http://co3k.org/blog/redcloth-unfixed-xss-en

DEBIAN - DSA-3168


Last Updated: 27 May 2016 11:08:06