32 matches found
EUVD-2017-0344
Malware in sbrugna...
EUVD-2022-3325
Malicious code in bioql PyPI...
EUVD-2022-5050
Malicious code in bioql PyPI...
Gem in a Box vulnerable to Cross-site Scripting
geminabox (aka Gem in a Box) before 0.13.6 is vulnerable to Cross-site Scripting (XSS), as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file...
Cross-Site Scripting (XSS)
geminabox is vulnerable to cross-site scripting (XSS) attacks. The attack exists because the '/reindex' does not escape the forcerebuild url does not validate the parameters that it takes in...
GHSA-653M-R33X-39FF Geminabox contains Cross-site Scripting
Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb...
Geminabox contains Cross-site Scripting
Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb...
Cross-site Scripting (XSS)
geminabox is vulnerable to cross-site scripting (XSS) attacks. The library does not sanitize the spec.homepage value of the gemspec file, allowing a malicious user to inject and execute arbitrary web script...
geminabox cross-site scripting vulnerability (CNVD-2017-36112)
geminabox (aka Gem in a Box) is a personal code hosting platform. A cross-site scripting vulnerability exists in geminabox versions prior to 0.13.10. The vulnerability can be exploited by remote attackers to inject arbitrary web scripts via the 'homepage' value of a .gemspec file...
FreeBSD : rubygem-geminabox -- XSS vulnerabilities (27b38d85-c891-11e7-a7bd-cd1209e563f2)
NVD reports: Stored cross-site scripting (XSS) vulnerability in 'geminabox' (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the 'homepage' value of a '.gemspec' file, related to views/gem.erb and views/index.erb...
Cross site scripting
Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb...
CVE-2017-16792
Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb...
CVE-2017-16792
Gem in a Box (geminabox) prior to version 0.13.10 is affected by a stored XSS vulnerability. An attacker can inject arbitrary script via the homepage field in a .gemspec, related to the views/gem.erb and views/index.erb templates. The CVE-2017-16792 entry is corroborated by multiple sources (incl...
rubygem-geminabox -- XSS vulnerabilities
NVD reports: Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb...
Stored XSS in "geminabox" via injection in Gemspec "homepage" value
Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) allows attackers to inject arbitrary web script via a crafted JavaScript URL in the "homepage" value of a ".gemspec" file. A ".gemspec" file must be created with a JavaScript URL in the homepage value. This can be used to...
Cross-Site Scripting (XSS)
geminabox is vulnerable to cross-site scripting (XSS) attacks. It is possible because the spec.homepage and the spec.email parameters are not sanitized, allowing the attackers to trigger XSS by sending a .gem file with gem.homepage value in its .gemspec file...
Cross site request forgery (csrf)
geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload...
CVE-2017-14506
geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file...