CVE-2017-16792

Опубликовано: 13 нояб. 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb.

Ссылки

https://github.com/geminabox/geminabox/blob/master/CHANGELOG.md
Release Notes
Third Party Advisory
https://github.com/geminabox/geminabox/commit/f8429a9e364658459add170e4ebc7a5d3b4759e7
Issue Tracking
https://rubygems.org/gems/geminabox/versions/0.13.10
Product
https://github.com/geminabox/geminabox/blob/master/CHANGELOG.md
Release Notes
Third Party Advisory
https://github.com/geminabox/geminabox/commit/f8429a9e364658459add170e4ebc7a5d3b4759e7
Issue Tracking
https://rubygems.org/gems/geminabox/versions/0.13.10
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:geminabox_project:geminabox:*:*:*:*:*:ruby:*:*

Версия до 0.13.10 (исключая)

EPSS

Процентиль: 58%

0.00361

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-653m-r33x-39ff