17 matches found
EUVD-2017-0344
Malware in sbrugna...
EUVD-2017-0356
Malware in sbrugna...
EUVD-2022-3325
Malicious code in bioql PyPI...
CVE-2017-16833
Stored cross-site scripting (XSS) vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file...
Gem in a Box vulnerable to Cross-site Scripting
geminabox (aka Gem in a Box) before 0.13.6 is vulnerable to Cross-site Scripting (XSS), as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file...
GHSA-653M-R33X-39FF Geminabox contains Cross-site Scripting
Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb...
Geminabox contains Cross-site Scripting
Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb...
GHSA-X7P2-X2J6-MWHR Gemirro Stored XSS in Gemspec "homepage" value
Stored cross-site scripting (XSS) vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file. A ".gemspec" file must be created with a JavaScript URL in the homepage value. This can be used to bui...
Stored Cross-Site Scripting (XSS)
gemirro is vulnerable to stored cross-site scripting (XSS) attacks. The attack is possible because the library does not escape the "homepage" value of a ".gemspec" file...
CVE-2017-16833
Stored cross-site scripting (XSS) vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file...
geminabox cross-site scripting vulnerability (CNVD-2017-36112)
geminabox (aka Gem in a Box) is a personal code hosting platform. A cross-site scripting vulnerability exists in geminabox versions prior to 0.13.10. The vulnerability can be exploited by remote attackers to inject arbitrary web scripts via the 'homepage' value of a .gemspec file...
CVE-2017-16792
Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb...
CVE-2017-16792
Gem in a Box (geminabox) prior to version 0.13.10 is affected by a stored XSS vulnerability. An attacker can inject arbitrary script via the homepage field in a .gemspec, related to the views/gem.erb and views/index.erb templates. The CVE-2017-16792 entry is corroborated by multiple sources (incl...
CVE-2017-16792
Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb...
CVE-2017-14506
geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file...
Design/Logic Flaw
geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file...
FreeBSD : rubygem-geminabox -- XSS & CSRF vulnerabilities (2bffdf2f-9d45-11e7-a25c-471bafc3262f)
Gem in a Box XSS vulnerability - CVE-2017-14506: A malicious attacker creates a GEM file whose crafted homepage value (gem.homepage in the .gemspec file) includes an XSS payload. The attacker accesses the geminabox system and uploads the gem file, or uses a CSRF/SSRF attack to do so. From now on, any user access...