CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Yardoc: >> Yard >> 0.9.20 Security Vulnerabilities

CVE-2024-27285

YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in 0.9.36.

CVSS Score

5.4

EPSS Score

0.02

Published

2024-02-28

Page 1

Vulnerabilities

Vulnerable Software

Yardoc: >> Yard >> 0.9.20 Security Vulnerabilities

Products

Pricing

Contact Us