CVE-2014-4920

Reflective Cross-site Scripting Vulnerability in twitter-bootstrap-rails

Published: 3/16/2023Modified: 11/30/2024

Description

The twitter-bootstrap-rails Gem for Rails contains a flaw that enables a reflected cross-site scripting (XSS) attack. This flaw exists because the bootstrap_flash helper method does not validate input when handling flash messages before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.

Affected packages (1)

RubyGems/twitter-bootstrap-railsfrom 0, < 3.2.0

References (2)

WEBhttps://github.com/rubysec/ruby-advisory-db/blob/master/gems/twitter-bootstrap-rails/CVE-2014-4920.yml
WEBhttps://nvisium.com/blog/2014/03/28/reflected-xss-vulnerability-in-twitter