Lucene search
K

6 matches found

NVD
NVD
added 2017/09/25 8:29 a.m.12 views

CVE-2017-14506

geminabox aka Gem in a Box before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file...

5.4CVSS5.4AI score0.0068EPSS
Exploits1References2
OSV
OSV
added 2017/09/25 8:29 a.m.14 views

CVE-2017-14506

geminabox aka Gem in a Box before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file...

5.4CVSS7AI score
Exploits0References2
Cvelist
Cvelist
added 2017/09/25 8:0 a.m.16 views

CVE-2017-14506

geminabox aka Gem in a Box before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file...

6.1AI score0.0068EPSS
Exploits1References2
CVE
CVE
added 2017/09/25 8:0 a.m.56 views

CVE-2017-14506

Gem in a Box (geminabox) prior to 0.13.6 is vulnerable to Cross-site Scripting (XSS) via a crafted gem.homepage value in a .gemspec file uploaded as a gem. Affected product: geminabox (Ruby) before 0.13.6. Impact: XSS that may affect users accessing the web interface; some sources note potential ...

5.4CVSS5.6AI score0.0068EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/09/20 12:0 a.m.21 views

FreeBSD : rubygem-geminabox -- XSS & CSRF vulnerabilities (2bffdf2f-9d45-11e7-a25c-471bafc3262f)

Gem in a box XSS vulenrability - CVE-2017-14506 : Malicious attacker create GEM file with crafted homepage value gem.homepage in .gemspec file includes XSS payload. The attacker access geminabox system and uploads the gem file or uses CSRF/SSRF attack to do so. From now on, any user access...

8.8CVSS6.5AI score0.0068EPSS
Exploits2References4
FreeBSD
FreeBSD
added 2017/09/18 12:0 a.m.33 views

rubygem-geminabox -- XSS & CSRF vulnerabilities

Gem in a box XSS vulenrability - CVE-2017-14506: Malicious attacker create GEM file with crafted homepage value gem.homepage in .gemspec file includes XSS payload. The attacker access geminabox system and uploads the gem file or uses CSRF/SSRF attack to do so. From now on, any user access Geminab...

8.8CVSS6.8AI score0.0068EPSS
Exploits2References1
Rows per page
Query Builder