45 matches found
rubygems: Escape sequence in the "summary" field of gemspec
A vulnerability was found where rubygems did not properly sanitize gems' specification text. A specially crafted gem could interact with the terminal via the use of escape sequences...
rubygems: Escape sequence in the "summary" field of gemspec
A vulnerability was found where rubygems did not properly sanitize gems' specification text. A specially crafted gem could interact with the terminal via the use of escape sequences...
rubygems: Escape sequence in the "summary" field of gemspec
A vulnerability was found where rubygems did not properly sanitize gems' specification text. A specially crafted gem could interact with the terminal via the use of escape sequences...
GHSA-653M-R33X-39FF Geminabox contains Cross-site Scripting
Stored cross-site scripting XSS vulnerability in "geminabox" Gem in a Box before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb...
Geminabox contains Cross-site Scripting
Stored cross-site scripting XSS vulnerability in "geminabox" Gem in a Box before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb...
Gemirro Stored XSS in Gemspec "homepage" value
Stored cross-site scripting XSS vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file. A ".gemspec" file must be created with a JavaScript URL in the homepage value. This can be used to bui...
GHSA-X7P2-X2J6-MWHR Gemirro Stored XSS in Gemspec "homepage" value
Stored cross-site scripting XSS vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file. A ".gemspec" file must be created with a JavaScript URL in the homepage value. This can be used to bui...
Gemirro Cross-Site Scripting Vulnerability
Gemirro is a RubyGems image creation program based on Ruby. A cross-site scripting vulnerability exists in versions of Gemirro prior to 0.16.0. A remote attacker can inject arbitrary web scripts using a specially crafted javascript: URL in the homepage value of a .gemspec file...
Stored Cross-Site Scripting (XSS)
gemirro is vulnerable to stored cross-site scripting XSS attacks. The attack is possible because the library does not escape the "homepage" value of a ".gemspec" file...
CVE-2017-16833
Stored cross-site scripting XSS vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file...
Cross site scripting
Stored cross-site scripting XSS vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file...
geminabox cross-site scripting vulnerability (CNVD-2017-36112)
geminabox aka Gem in a Box is a personal code hosting platform. A cross-site scripting vulnerability exists in geminabox versions prior to 0.13.10. The vulnerability can be exploited by remote attackers to inject arbitrary web scripts via the 'homepage' value of a .gemspec file...
CVE-2017-16792
Stored cross-site scripting XSS vulnerability in "geminabox" Gem in a Box before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb...
CVE-2017-16792
Stored cross-site scripting XSS vulnerability in "geminabox" Gem in a Box before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb...
CVE-2017-16792
Stored cross-site scripting XSS vulnerability in "geminabox" Gem in a Box before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb...
CVE-2017-16792
Gem in a Box (geminabox) prior to version 0.13.10 is affected by a stored XSS vulnerability. An attacker can inject arbitrary script via the homepage field in a .gemspec, related to the views/gem.erb and views/index.erb templates. The CVE-2017-16792 entry is corroborated by multiple sources (incl...
rubygem-geminabox -- XSS vulnerabilities
NVD reports: Stored cross-site scripting XSS vulnerability in "geminabox" Gem in a Box before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb...
RubyGems: [gem server] Stored XSS via crafted JavaScript URL inclusion in Gemspec
Hi, A JavaScript URL injection in the homepage field within a Gemspec file can be leveraged to achieve stored XSS on the default gem server web interface, referenced here. When you install RubyGems, it adds the gem server command to your system. This is the fastest way to start hosting gems. As...
Stored XSS in "geminabox" via injection in Gemspec "homepage" value
Stored cross-site scripting XSS vulnerability in "geminabox" Gem in a Box allows attackers to inject arbitrary web script via a crafted JavaScript URL in the "homepage" value of a ".gemspec" file. A ".gemspec" file must be created with a JavaScript URL in the homepage value. This can be used to...
CVE-2017-14506
geminabox aka Gem in a Box before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file...