Lucene search
K

45 matches found

RedHat Linux
RedHat Linux
added 2018/03/26 9:39 a.m.6 views

rubygems: Escape sequence in the "summary" field of gemspec

A vulnerability was found where rubygems did not properly sanitize gems' specification text. A specially crafted gem could interact with the terminal via the use of escape sequences...

9.8CVSS7.3AI score0.1081EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2018/02/28 8:6 p.m.5 views

rubygems: Escape sequence in the "summary" field of gemspec

A vulnerability was found where rubygems did not properly sanitize gems' specification text. A specially crafted gem could interact with the terminal via the use of escape sequences...

9.8CVSS7.3AI score0.1081EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2017/12/19 8:37 a.m.6 views

rubygems: Escape sequence in the "summary" field of gemspec

A vulnerability was found where rubygems did not properly sanitize gems' specification text. A specially crafted gem could interact with the terminal via the use of escape sequences...

9.8CVSS7.3AI score0.1081EPSS
Exploits1References5
OSV
OSV
added 2017/11/29 11:20 p.m.20 views

GHSA-653M-R33X-39FF Geminabox contains Cross-site Scripting

Stored cross-site scripting XSS vulnerability in "geminabox" Gem in a Box before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb...

6.1CVSS5.8AI score0.01084EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2017/11/29 11:20 p.m.21 views

Geminabox contains Cross-site Scripting

Stored cross-site scripting XSS vulnerability in "geminabox" Gem in a Box before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb...

6.1CVSS4.2AI score0.01084EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2017/11/29 11:19 p.m.28 views

Gemirro Stored XSS in Gemspec "homepage" value

Stored cross-site scripting XSS vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file. A ".gemspec" file must be created with a JavaScript URL in the homepage value. This can be used to bui...

6.1CVSS5.3AI score0.00814EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2017/11/29 11:19 p.m.28 views

GHSA-X7P2-X2J6-MWHR Gemirro Stored XSS in Gemspec "homepage" value

Stored cross-site scripting XSS vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file. A ".gemspec" file must be created with a JavaScript URL in the homepage value. This can be used to bui...

6.1CVSS5.8AI score0.00814EPSS
Exploits0References4
CNVD
CNVD
added 2017/11/21 12:0 a.m.3 views

Gemirro Cross-Site Scripting Vulnerability

Gemirro is a RubyGems image creation program based on Ruby. A cross-site scripting vulnerability exists in versions of Gemirro prior to 0.16.0. A remote attacker can inject arbitrary web scripts using a specially crafted javascript: URL in the homepage value of a .gemspec file...

6.1CVSS6.2AI score0.00814EPSS
Exploits0References1
Veracode
Veracode
added 2017/11/15 2:25 p.m.13 views

Stored Cross-Site Scripting (XSS)

gemirro is vulnerable to stored cross-site scripting XSS attacks. The attack is possible because the library does not escape the "homepage" value of a ".gemspec" file...

6.1CVSS5.7AI score0.00814EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2017/11/15 9:29 a.m.30 views

CVE-2017-16833

Stored cross-site scripting XSS vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file...

6.1CVSS5.8AI score0.00814EPSS
Exploits0References1
Prion
Prion
added 2017/11/15 9:29 a.m.13 views

Cross site scripting

Stored cross-site scripting XSS vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file...

4.3CVSS5.7AI score0.00814EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2017/11/14 12:0 a.m.5 views

geminabox cross-site scripting vulnerability (CNVD-2017-36112)

geminabox aka Gem in a Box is a personal code hosting platform. A cross-site scripting vulnerability exists in geminabox versions prior to 0.13.10. The vulnerability can be exploited by remote attackers to inject arbitrary web scripts via the 'homepage' value of a .gemspec file...

6.1CVSS6.4AI score0.01084EPSS
Exploits0References1
NVD
NVD
added 2017/11/13 9:29 a.m.25 views

CVE-2017-16792

Stored cross-site scripting XSS vulnerability in "geminabox" Gem in a Box before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb...

6.1CVSS5.9AI score0.01084EPSS
Exploits0References3
OSV
OSV
added 2017/11/13 9:29 a.m.15 views

CVE-2017-16792

Stored cross-site scripting XSS vulnerability in "geminabox" Gem in a Box before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb...

6.1CVSS5.5AI score
Exploits0References3
Cvelist
Cvelist
added 2017/11/13 9:0 a.m.31 views

CVE-2017-16792

Stored cross-site scripting XSS vulnerability in "geminabox" Gem in a Box before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb...

5.9AI score0.01084EPSS
Exploits0References3
CVE
CVE
added 2017/11/13 9:0 a.m.77 views

CVE-2017-16792

Gem in a Box (geminabox) prior to version 0.13.10 is affected by a stored XSS vulnerability. An attacker can inject arbitrary script via the homepage field in a .gemspec, related to the views/gem.erb and views/index.erb templates. The CVE-2017-16792 entry is corroborated by multiple sources (incl...

6.1CVSS5.8AI score0.01084EPSS
Exploits0References3Affected Software1
FreeBSD
FreeBSD
added 2017/11/13 12:0 a.m.16 views

rubygem-geminabox -- XSS vulnerabilities

NVD reports: Stored cross-site scripting XSS vulnerability in "geminabox" Gem in a Box before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb...

6.1CVSS5.7AI score0.01084EPSS
Exploits0References1
Hacker One
Hacker One
added 2017/11/10 11:6 p.m.10 views

RubyGems: [gem server] Stored XSS via crafted JavaScript URL inclusion in Gemspec

Hi, A JavaScript URL injection in the homepage field within a Gemspec file can be leveraged to achieve stored XSS on the default gem server web interface, referenced here. When you install RubyGems, it adds the gem server command to your system. This is the fastest way to start hosting gems. As...

6.6AI score
Exploits0
RubySec
RubySec
added 2017/11/10 12:0 a.m.17 views

Stored XSS in "geminabox" via injection in Gemspec "homepage" value

Stored cross-site scripting XSS vulnerability in "geminabox" Gem in a Box allows attackers to inject arbitrary web script via a crafted JavaScript URL in the "homepage" value of a ".gemspec" file. A ".gemspec" file must be created with a JavaScript URL in the homepage value. This can be used to...

6.1CVSS1.1AI score0.01084EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2017/09/25 8:29 a.m.12 views

CVE-2017-14506

geminabox aka Gem in a Box before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file...

5.4CVSS5.4AI score0.0068EPSS
Exploits1References2
Rows per page
Query Builder