Test ID: 1.3.6.1.4.1.25623.1.0.703168
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 3168-1 (ruby-redcloth - security update)
Summary: Kousuke Ebihara discovered that redcloth, a Ruby module used to convert Textile markup to HTML, did not properly sanitize its input. This allowed a remote attacker to perform a cross-site scripting attack by injecting arbitrary JavaScript code into the generated HTML.
Description:Summary:
Kousuke Ebihara discovered that redcloth,
a Ruby module used to convert Textile markup to HTML, did not properly sanitize its
input. This allowed a remote attacker to perform a cross-site
scripting attack by injecting arbitrary JavaScript code into the
generated HTML.

Affected Software/OS:
ruby-redcloth on Debian Linux

Solution:
For the stable distribution (wheezy),
this problem has been fixed in version 4.2.9-2+deb7u2.

For the unstable distribution (sid), this problem has been fixed in
version 4.2.9-4.

We recommend that you upgrade your ruby-redcloth packages.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-6684
Debian Security Information: DSA-3168
http://www.debian.org/security/2015/dsa-3168
http://seclists.org/fulldisclosure/2014/Dec/50
http://co3k.org/blog/redcloth-unfixed-xss-en
http://jgarber.lighthouseapp.com/projects/13054-redcloth/tickets/243-xss
https://gist.github.com/co3k/75b3cb416c342aa1414c
Copyright: Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net

© 1998-2024 E-Soft Inc. All rights reserved.