Aviv Keller discovered that the frames.html file generated by YARD, a documentation generation tool for the Ruby programming language, was vulnerable to cross-site scripting.