Sha256: 51b90073753c6b655d785784d2fd111fc6f07194f06eb3a83890e02169a36a9a
Contents?: true
Size: 796 Bytes
Versions: 1
Compression:
Stored size: 796 Bytes
Contents
--- gem: twitter-bootstrap-rails framework: rails cve: 2014-4920 osvdb: 109206 url: http://blog.nvisium.com/2014/03/reflected-xss-vulnerability-in-twitter.html title: Reflective XSS Vulnerability in twitter-bootstrap-rails date: 2014-03-25 description: | The twitter-bootstrap-rails Gem for Rails contains a flaw that enables a reflected cross-site scripting (XSS) attack. This flaw exists because the bootstrap_flash helper method does not validate input when handling flash messages before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. cvss_v2: patched_versions: - ">= 3.2.0"
Version data entries
1 entries across 1 versions & 1 rubygems
| Version | Path |
|---|---|
| bundler-audit-0.5.0 | data/ruby-advisory-db/gems/twitter-bootstrap-rails/OSVDB-109206.yml |