CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12 matches found

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2017-0356

Malware in sbrugna...

6.1CVSS6.1AI score0.00328EPSS

Exploits0References5

RedhatCVE•added 2025/05/22 7:18 a.m.•3 views

CVE-2017-16833

Stored cross-site scripting XSS vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file...

6.1CVSS5.4AI score0.00328EPSS

Exploits0References1

Github Security Blog•added 2017/11/29 11:19 p.m.•18 views

Gemirro Stored XSS in Gemspec "homepage" value

Stored cross-site scripting XSS vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file. A ".gemspec" file must be created with a JavaScript URL in the homepage value. This can be used to bui...

6.1CVSS5.3AI score0.00328EPSS

Exploits0References4Affected Software1

OSV•added 2017/11/29 11:19 p.m.•14 views

GHSA-X7P2-X2J6-MWHR Gemirro Stored XSS in Gemspec "homepage" value

6.1CVSS5.8AI score0.00328EPSS

Exploits0References4

CNVD•added 2017/11/21 12:0 a.m.•1 views

Gemirro Cross-Site Scripting Vulnerability

Gemirro is a RubyGems image creation program based on Ruby. A cross-site scripting vulnerability exists in versions of Gemirro prior to 0.16.0. A remote attacker can inject arbitrary web scripts using a specially crafted javascript: URL in the homepage value of a .gemspec file...

6.1CVSS6.2AI score0.00328EPSS

Exploits0References1

Veracode•added 2017/11/15 2:25 p.m.•12 views

Stored Cross-Site Scripting (XSS)

gemirro is vulnerable to stored cross-site scripting XSS attacks. The attack is possible because the library does not escape the "homepage" value of a ".gemspec" file...

6.1CVSS5.7AI score0.00328EPSS

Exploits0References2Affected Software1

Prion•added 2017/11/15 9:29 a.m.•7 views

Cross site scripting

Stored cross-site scripting XSS vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file...

4.3CVSS5.7AI score0.00328EPSS

Exploits0References1Affected Software1

OSV•added 2017/11/15 9:29 a.m.•7 views

CVE-2017-16833

Stored cross-site scripting XSS vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file...

6.1CVSS5.4AI score

Exploits0References1

NVD•added 2017/11/15 9:29 a.m.•15 views

CVE-2017-16833

Stored cross-site scripting XSS vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file...

6.1CVSS5.8AI score0.00328EPSS

Exploits0References1

CVE•added 2017/11/15 9:0 a.m.•70 views

CVE-2017-16833

CVE-2017-16833 describes a stored XSS vulnerability in the RubyGem reposito ry tool Gemirro prior to version 0.16.0. The issue arises when a crafted javascript: URL placed in the homepage field of a ".gemspec" file is processed, allowing an attacker to inject arbitrary web script. Public referenc...

6.1CVSS5.7AI score0.00328EPSS

Exploits0References1Affected Software1

Cvelist•added 2017/11/15 9:0 a.m.•14 views

CVE-2017-16833

Stored cross-site scripting XSS vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file...

5.8AI score0.00328EPSS

Exploits0References1

RubySec•added 2017/07/11 12:0 a.m.•16 views

Stored XSS in "gemirro" via injection in Gemspec "homepage" value

Stored cross-site scripting XSS vulnerability in Gemirro allows attackers to inject arbitrary web script via a crafted JavaScript URL in the "homepage" value of a ".gemspec" file. A ".gemspec" file must be created with a JavaScript URL in the homepage value. This can be used to build a gem for...

6.1CVSS1.4AI score0.00328EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by