CVE-2017-16792

Published November 13th, 2017

View on NVD ↗

CVSS v3

6.1

MEDIUM

CVSS v2

4.3

MEDIUM

Affected

PROJECTS

Description

Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb.

geminabox

A private gem hosting and/or caching app, with client side gem push style functionality. Web UI is provided.

RubyGems

2.33M

geminabox/geminabox

Really simple rubygem hosting

GitHub

1.55K