ruby-redcloth: cross-site scripting
| Package(s): | ruby-redcloth | CVE #(s): | CVE-2012-6684 | ||||||||
| Created: | February 23, 2015 | Updated: | March 9, 2015 | ||||||||
| Description: | From the Debian advisory:
Kousuke Ebihara discovered that redcloth, a Ruby module used to convert Textile markup to HTML, did not properly sanitize its input. This allowed a remote attacker to perform a cross-site scripting attack by injecting arbitrary JavaScript code into the generated HTML. | ||||||||||
| Alerts: |
| ||||||||||