GHSA-653m-r33x-39ff
Suggest an improvement- Source
- https://github.com/advisories/GHSA-653m-r33x-39ff
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/11/GHSA-653m-r33x-39ff/GHSA-653m-r33x-39ff.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-653m-r33x-39ff
- Aliases
- Published
- 2017-11-29T23:20:14Z
- Modified
- 2023-11-08T03:59:13.670724Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Geminabox contains Cross-site Scripting
- Details
-
Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb.
- Database specific
{ "nvd_published_at": null, "github_reviewed_at": "2020-06-16T21:18:04Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-79" ] }- References
Affected packages
RubyGems / geminabox
Package
- Name
- geminabox
- Purl
- pkg:gem/geminabox
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.13.10
Affected versions
0.*
0.1.0
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.2.8
0.2.9.pre1
0.2.9
0.2.10
0.2.11
0.2.13
0.2.14
0.2.15
0.3.0
0.3.1
0.3.2
0.3.3
0.4.0
0.5.0
0.5.1
0.5.2
0.6.0
0.6.1pre1
0.6.1
0.7.0
0.8.0
0.9.0
0.10.0
0.10.1
0.11.0
0.11.1
0.12.0
0.12.1
0.12.2
0.12.3
0.12.4
0.13.0
0.13.1
0.13.2
0.13.3
0.13.4
0.13.5
0.13.6
0.13.7
0.13.8
0.13.9