6 matches found
CVE-2017-14506
geminabox aka Gem in a Box before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file...
CVE-2017-14506
geminabox aka Gem in a Box before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file...
CVE-2017-14506
geminabox aka Gem in a Box before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file...
CVE-2017-14506
Gem in a Box (geminabox) prior to 0.13.6 is vulnerable to Cross-site Scripting (XSS) via a crafted gem.homepage value in a .gemspec file uploaded as a gem. Affected product: geminabox (Ruby) before 0.13.6. Impact: XSS that may affect users accessing the web interface; some sources note potential ...
FreeBSD : rubygem-geminabox -- XSS & CSRF vulnerabilities (2bffdf2f-9d45-11e7-a25c-471bafc3262f)
Gem in a box XSS vulenrability - CVE-2017-14506 : Malicious attacker create GEM file with crafted homepage value gem.homepage in .gemspec file includes XSS payload. The attacker access geminabox system and uploads the gem file or uses CSRF/SSRF attack to do so. From now on, any user access...
rubygem-geminabox -- XSS & CSRF vulnerabilities
Gem in a box XSS vulenrability - CVE-2017-14506: Malicious attacker create GEM file with crafted homepage value gem.homepage in .gemspec file includes XSS payload. The attacker access geminabox system and uploads the gem file or uses CSRF/SSRF attack to do so. From now on, any user access Geminab...