Filtered by vendor Geminabox Project
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-16792 | 1 Geminabox Project | 1 Geminabox | 2024-11-21 | 6.1 Medium |
| Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb. | ||||
| CVE-2017-14683 | 1 Geminabox Project | 1 Geminabox | 2024-11-21 | 8.8 High |
| geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload. | ||||
| CVE-2017-14506 | 1 Geminabox Project | 1 Geminabox | 2024-11-21 | 5.4 Medium |
| geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file. | ||||
Page 1 of 1.