Filtered by vendor Geminabox Project
Subscribe
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-14683 | 1 Geminabox Project | 1 Geminabox | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload. | |||||
| CVE-2017-14506 | 1 Geminabox Project | 1 Geminabox | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file. | |||||
| CVE-2017-16792 | 1 Geminabox Project | 1 Geminabox | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb. | |||||