CVE-2018-11627 – rubygem-sinatra: XSS in the 400 Bad Request page
https://notcve.org/view.php?id=CVE-2018-11627
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.

• https://access.redhat.com/errata/RHSA-2019:0212
• https://access.redhat.com/errata/RHSA-2019:0315
• https://github.com/sinatra/sinatra/commit/12786867d6faaceaec62c7c2cb5b0e2dc074d71a
• https://github.com/sinatra/sinatra/issues/1428
• https://access.redhat.com/security/cve/CVE-2018-11627
• https://bugzilla.redhat.com/show_bug.cgi?id=1585218

• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')