GHSA-x7p2-x2j6-mwhr

Published: 29 Nov 2017
Source: github
GitHub: Reviewed
CVSS3: 6.1

Description

Gemirro Stored XSS in Gemspec "homepage" value

Stored cross-site scripting (XSS) vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file. A ".gemspec" file must be created with a JavaScript URL in the homepage value. This can be used to build a gem for upload to the Gemirro server, in order to achieve stored XSS via the author name hyperlink.
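
The mitigation for this class of bug is to check the URL scheme of the gemspec "homepage" before it is placed in an `href`, since HTML escaping alone leaves a `javascript:` URL intact. The Ruby sketch below is an added example, not Gemirro's code or its actual 0.16.0 patch; the function names, the http/https allowlist and the sample values are assumptions made for illustration.

```ruby
require "erb"
require "uri"

# Assumption: only web URLs are acceptable as a gem homepage link.
ALLOWED_HOMEPAGE_SCHEMES = %w[http https].freeze

# "Before" form (hypothetical helper): the value is HTML-escaped, but the
# scheme is never checked, so a javascript: URL survives into the href.
def author_link_unsafe(author, homepage)
  %(<a href="#{ERB::Util.html_escape(homepage)}">#{ERB::Util.html_escape(author)}</a>)
end

# Returns the normalized URL when it is an absolute http(s) URL with a host,
# otherwise nil. Unparseable input (embedded whitespace, control characters)
# is rejected rather than repaired.
def safe_homepage(homepage)
  uri = URI.parse(homepage.to_s)
  return nil unless ALLOWED_HOMEPAGE_SCHEMES.include?(uri.scheme.to_s.downcase)
  return nil if uri.host.to_s.empty?
  uri.to_s
rescue URI::InvalidURIError
  nil
end

# Hardened form (hypothetical helper): fall back to plain escaped text when
# the homepage does not pass the allowlist.
def author_link(author, homepage)
  name = ERB::Util.html_escape(author)
  url = safe_homepage(homepage)
  return name if url.nil?
  %(<a href="#{ERB::Util.html_escape(url)}">#{name}</a>)
end

# Constructed sample homepage values, not taken from any real gem.
SAMPLE_HOMEPAGES = [
  "https://example.com/gemirro",
  "javascript:alert(1)",
  "JaVaScRiPt:alert(1)",
  " javascript:alert(1)",
  "data:text/html,hello"
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_HOMEPAGES.each do |value|
    puts "#{value.inspect} -> #{author_link('Alice', value)}"
  end
end
```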

Packages

Name: gemirro (rubygems)
Affected versions: < 0.16.0
Fixed version: 0.16.0

EPSS

Percentile: 55%
0.00328
Low

6.1 Medium

CVSS3

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 6.1
nvd
about 8 years ago

Stored cross-site scripting (XSS) vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file.
