{"id":"UBUNTU-CVE-2012-6684","details":"Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI.","modified":"2025-07-16T07:32:49.796746Z","published":"2015-01-08T01:59:00Z","withdrawn":"2025-07-18T16:42:48Z","upstream":["CVE-2012-6684"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2012-6684"},{"type":"REPORT","url":"http://co3k.org/blog/redcloth-unfixed-xss-en"},{"type":"REPORT","url":"https://gist.github.com/co3k/75b3cb416c342aa1414c"},{"type":"REPORT","url":"http://seclists.org/fulldisclosure/2014/Dec/50"},{"type":"REPORT","url":"http://jgarber.lighthouseapp.com/projects/13054-redcloth/tickets/243-xss"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2012-6684"}],"affected":[{"package":{"name":"ruby-redcloth","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/ruby-redcloth@4.2.9-5build4?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.9-5build4"}]}],"versions":["4.2.9-5build1","4.2.9-5build2","4.2.9-5build3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"ruby-redcloth","binary_version":"4.2.9-5build4"},{"binary_name":"ruby-redcloth-dbgsym","binary_version":"4.2.9-5build4"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2012/UBUNTU-CVE-2012-6684.json"}},{"package":{"name":"ruby-redcloth","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/ruby-redcloth@4.3.2-3build1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.3.2-3build1"}]}],"versions":["4.3.2-2","4.3.2-3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"ruby-redcloth","binary_version":"4.3.2-3build1"},{"binary_name":"ruby-redcloth-dbgsym","binary_version":"4.3.2-3build1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2012/UBUNTU-CVE-2012-6684.json"}}],"schema_version":"1.7.3","severity":[{"type":"Ubuntu","score":"medium"}]}