Skip to content

Reflective Cross-site Scripting Vulnerability in twitter-bootstrap-rails

Moderate severity GitHub Reviewed Published Mar 16, 2023 to the GitHub Advisory Database • Updated Mar 16, 2023

Package

bundler twitter-bootstrap-rails (RubyGems)

Affected versions

< 3.2.0

Patched versions

3.2.0

Description

The twitter-bootstrap-rails Gem for Rails contains a flaw that enables a
reflected cross-site scripting (XSS) attack. This flaw exists because the
bootstrap_flash helper method does not validate input when handling flash
messages before returning it to users. This may allow a context-dependent
attacker to create a specially crafted request that would execute arbitrary
script code in a user's browser session within the trust relationship between
their browser and the server.

References

Published to the GitHub Advisory Database Mar 16, 2023
Reviewed Mar 16, 2023
Last updated Mar 16, 2023

Severity

Moderate

Weaknesses

CVE ID

CVE-2014-4920

GHSA ID

GHSA-vpqv-mqvc-pcx2

Source code

No known source code
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.