3 matches found
CVE-2017-16833
Stored cross-site scripting XSS vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file...
CVE-2017-16833
Stored cross-site scripting XSS vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file...
CVE-2017-16833
CVE-2017-16833 describes a stored XSS vulnerability in the RubyGem reposito ry tool Gemirro prior to version 0.16.0. The issue arises when a crafted javascript: URL placed in the homepage field of a ".gemspec" file is processed, allowing an attacker to inject arbitrary web script. Public referenc...