FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rubygem-geminabox -- XSS vulnerabilities

Affected packages
rubygem-geminabox < 0.13.10

Details

VuXML ID 27b38d85-c891-11e7-a7bd-cd1209e563f2
Discovery 2017-11-13
Entry 2017-11-13

NVD reports:

Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb.

References

CVE Name CVE-2017-16792
URL https://nvd.nist.gov/vuln/detail/CVE-2017-16792