logo

Database

Server side cross-site scripting In geminabox

Description

Geminabox contains Cross-site Scripting Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2017-167922. NVD-2017-167923. OSV-2017-167924. GCVE-2017-16792

References

1. https://github.com/geminabox/geminabox/commit/f8429a9e364658459add170e4ebc7a5d3b4759e72. https://github.com/geminabox/geminabox/blob/master/CHANGELOG.md3. https://rubygems.org/gems/geminabox/versions/0.13.10

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.