Stored Cross-Site Scripting (XSS) Vulnerability in geminabox (Gem in a Box) before 0.13.10 via .gemspec File Homepage Value

Stored Cross-Site Scripting (XSS) Vulnerability in geminabox (Gem in a Box) before 0.13.10 via .gemspec File Homepage Value

CVE-2017-16792 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb.

Learn more about our Web App Pen Testing.