Related vulnerabilities

GSD-2014-4920

Vulnerability from gsd - Updated: 2014-03-25 00:00
Details
The twitter-bootstrap-rails Gem for Rails contains a flaw that enables a reflected cross-site scripting (XSS) attack. This flaw exists because the bootstrap_flash helper method does not validate input when handling flash messages before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
Aliases

{
  "GSD": {
    "alias": "CVE-2014-4920",
    "id": "GSD-2014-4920"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "twitter-bootstrap-rails",
            "purl": "pkg:gem/twitter-bootstrap-rails"
          }
        }
      ],
      "aliases": [
        "CVE-2014-4920",
        "OSVDB-109206"
      ],
      "details": "The twitter-bootstrap-rails Gem for Rails contains a flaw that enables a\nreflected cross-site scripting (XSS) attack. This flaw exists because the\nbootstrap_flash helper method does not validate input when handling flash\nmessages before returning it to users. This may allow a context-dependent\nattacker to create a specially crafted request that would execute arbitrary\nscript code in a user\u0027s browser session within the trust relationship between\ntheir browser and the server.\n",
      "id": "GSD-2014-4920",
      "modified": "2014-03-25T00:00:00.000Z",
      "published": "2014-03-25T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://nvisium.com/blog/2014/03/28/reflected-xss-vulnerability-in-twitter"
        }
      ],
      "schema_version": "1.4.0",
      "summary": "Reflective XSS Vulnerability in twitter-bootstrap-rails"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2014-4920",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2014-4920",
      "date": "2014-03-25",
      "description": "The twitter-bootstrap-rails Gem for Rails contains a flaw that enables a\nreflected cross-site scripting (XSS) attack. This flaw exists because the\nbootstrap_flash helper method does not validate input when handling flash\nmessages before returning it to users. This may allow a context-dependent\nattacker to create a specially crafted request that would execute arbitrary\nscript code in a user\u0027s browser session within the trust relationship between\ntheir browser and the server.\n",
      "framework": "rails",
      "gem": "twitter-bootstrap-rails",
      "osvdb": 109206,
      "patched_versions": [
        "\u003e= 3.2.0"
      ],
      "title": "Reflective XSS Vulnerability in twitter-bootstrap-rails",
      "url": "https://nvisium.com/blog/2014/03/28/reflected-xss-vulnerability-in-twitter"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c3.2.0",
          "affected_versions": "All versions before 3.2.0",
          "credit": "Mike McCabe",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2014-03-25",
          "description": "The gem contains a flaw that enables a reflected cross-site scripting (XSS) attack. This flaw exists because the bootstrap_flash helper method does not validate input when handling flash messages before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user\u0027s browser session within the trust relationship between their browser and the server. ",
          "fixed_versions": [
            "3.2.0"
          ],
          "identifier": "CVE-2014-4920",
          "identifiers": [
            "CVE-2014-4920"
          ],
          "not_impacted": "All versions starting from 3.2.0",
          "package_slug": "gem/twitter-bootstrap-rails",
          "pubdate": "2014-03-25",
          "solution": "Upgrade to version 3.2.0 or above.",
          "title": "Reflective XSS Vulnerability",
          "urls": [
            "https://nvisium.com/blog/2014/03/28/reflected-xss-vulnerability-in-twitter/"
          ],
          "uuid": "60fafd72-5743-48bb-8e8d-988f4f63511a"
        }
      ]
    }
  }
}

GHSA-VPQV-MQVC-PCX2

Vulnerability from github – Published: 2023-03-16 18:35 – Updated: 2023-03-16 18:35
Summary
Reflective Cross-site Scripting Vulnerability in twitter-bootstrap-rails
Details

The twitter-bootstrap-rails Gem for Rails contains a flaw that enables a reflected cross-site scripting (XSS) attack. This flaw exists because the bootstrap_flash helper method does not validate input when handling flash messages before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "twitter-bootstrap-rails"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2014-4920"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-03-16T18:35:11Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "The twitter-bootstrap-rails Gem for Rails contains a flaw that enables a\nreflected cross-site scripting (XSS) attack. This flaw exists because the\nbootstrap_flash helper method does not validate input when handling flash\nmessages before returning it to users. This may allow a context-dependent\nattacker to create a specially crafted request that would execute arbitrary\nscript code in a user\u0027s browser session within the trust relationship between\ntheir browser and the server.\n",
  "id": "GHSA-vpqv-mqvc-pcx2",
  "modified": "2023-03-16T18:35:11Z",
  "published": "2023-03-16T18:35:11Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/twitter-bootstrap-rails/CVE-2014-4920.yml"
    },
    {
      "type": "WEB",
      "url": "https://nvisium.com/blog/2014/03/28/reflected-xss-vulnerability-in-twitter"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Reflective Cross-site Scripting Vulnerability in twitter-bootstrap-rails"
}