---
gem: features
cve: 2013-4318
osvdb: 96975
url: http://osvdb.org/show/osvdb/96975
title: Features Gem for Ruby /tmp/out.html Local XSS
date: 2013-09-01
description: Features Gem for Ruby contains a flaw that allows a local cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain input upon submission to /tmp/out.html. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.