Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-X7P2-X2J6-MWHR
HistoryNov 29, 2017 - 11:19 p.m.

Gemirro Stored XSS in Gemspec "homepage" value

2017-11-2923:19:51
Google
osv.dev
11

EPSS

0.001

Percentile

34.9%

JSON

Stored cross-site scripting (XSS) vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the “homepage” value of a “.gemspec” file.
A “.gemspec” file must be created with a JavaScript URL in the homepage value. This can be used to build a gem for upload to the Gemirro server, in order to achieve stored XSS via the author name hyperlink.

Related

rubygems 1
cve 1
veracode 1
cvelist 1
github 1
nvd 1
prion 1
osv 1
rubygems
rubygems
Stored XSS in "gemirro" via injection in Gemspec "homepage" value
2017-07-10 21:00:00
cve
cve
CVE-2017-16833
2017-11-15 09:29:00
veracode
veracode
Stored Cross-Site Scripting (XSS)
2017-11-15 14:25:56
cvelist
cvelist
CVE-2017-16833
2017-11-15 09:00:00
github
github
Gemirro Stored XSS in Gemspec "homepage" value
2017-11-29 23:19:51
nvd
nvd
CVE-2017-16833
2017-11-15 09:29:00
prion
prion
Cross site scripting
2017-11-15 09:29:00
osv
osv
CVE-2017-16833
2017-11-15 09:29:00

EPSS

0.001

Percentile

34.9%

JSON
Related for OSV:GHSA-X7P2-X2J6-MWHR
rubygems1cve1veracode1cvelist1github1nvd1prion1osv1