Sha256: f3d278044f9dfdd0d7b7d4e3a2815163c13c1a79517c68cf351e25ac9f79d725
Contents?: true
Size: 796 Bytes
Versions: 2
Compression:
Stored size: 796 Bytes
Contents
```yaml
---
gem: twitter-bootstrap-rails
framework: rails
cve: 2014-4920
osvdb: 109206
url: https://nvisium.com/blog/2014/03/28/reflected-xss-vulnerability-in-twitter/
title: Reflective XSS Vulnerability in twitter-bootstrap-rails
date: 2014-03-25
description: |
  The twitter-bootstrap-rails Gem for Rails contains a flaw that enables a
  reflected cross-site scripting (XSS) attack. This flaw exists because the
  bootstrap_flash helper method does not validate input when handling flash
  messages before returning it to users. This may allow a context-dependent
  attacker to create a specially crafted request that would execute arbitrary
  script code in a user's browser session within the trust relationship
  between their browser and the server.
cvss_v2:
patched_versions:
  - ">= 3.2.0"
```
Version data entries
2 entries across 2 versions & 1 rubygems
Version | Path |
---|---|
bundler-audit-0.6.1 | data/ruby-advisory-db/gems/twitter-bootstrap-rails/OSVDB-109206.yml |
bundler-audit-0.6.0 | data/ruby-advisory-db/gems/twitter-bootstrap-rails/OSVDB-109206.yml |