CVE-2024-27285 - CERT CVE
ID CVE-2024-27285
Sažetak YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in 0.9.36.
Reference
CVSS
Base: 5.4
Impact: 2.5
Exploitability:2.8
Pristup
VektorSloženostAutentikacija
NETWORK LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
LOW LOW NONE
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Zadnje važnije ažuriranje 14-02-2025 - 15:31
Objavljeno 28-02-2024 - 20:15