Sha256: b1eaeebbbd8667f1ef292ee2db451c19387e1d6279a979efc357cc2ad0bb8e4d

Contents?: true

Size: 795 Bytes

Versions: 3

Compression:

Stored size: 795 Bytes

Contents

---
gem: twitter-bootstrap-rails
framework: rails
cve: 2014-4920
osvdb: 109206
url: https://nvisium.com/blog/2014/03/28/reflected-xss-vulnerability-in-twitter
title: Reflective XSS Vulnerability in twitter-bootstrap-rails
date: 2014-03-25

description: |
  The twitter-bootstrap-rails Gem for Rails contains a flaw that enables a
  reflected cross-site scripting (XSS) attack. This flaw exists because the
  bootstrap_flash helper method does not validate input when handling flash
  messages before returning them to users. This may allow a context-dependent
  attacker to create a specially crafted request that would execute arbitrary
  script code in a user's browser session within the trust relationship between
  their browser and the server.

cvss_v2:

patched_versions:
  - ">= 3.2.0"

Version data entries

3 entries across 3 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/twitter-bootstrap-rails/OSVDB-109206.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/twitter-bootstrap-rails/OSVDB-109206.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/twitter-bootstrap-rails/OSVDB-109206.yml