---
gem: sinatra
cve: 2018-11627
url: https://github.com/sinatra/sinatra/issues/1428
title: XSS via the 400 Bad Request page
date: 2018-05-31
description: |
  Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.

cvss_v3: 6.1

patched_versions:
  - ">= 2.0.2"
unaffected_versions:
  - "< 2.0.0.beta1"
  - "2.0.0-alpha"