Reflective Cross-site Scripting Vulnerability in twitter-bootstrap-rails

GHSA-vpqv-mqvc-pcx2 · CVE-2014-4920

Published Mar 16, 2023 · Modified Nov 30, 2024

Description

The twitter-bootstrap-rails Gem for Rails contains a flaw that enables a
reflected cross-site scripting (XSS) attack. This flaw exists because the
bootstrap_flash helper method does not validate input when handling flash
messages before returning it to users. This may allow a context-dependent
attacker to create a specially crafted request that would execute arbitrary
script code in a user's browser session within the trust relationship between
their browser and the server.

References

WEB https://github.com/rubysec/ruby-advisory-db/blob/master/gems/twitter-bootstrap-rails/CVE-2014-4920.yml
WEB https://nvisium.com/blog/2014/03/28/reflected-xss-vulnerability-in-twitter

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes