Medium severity6.1NVD Advisory· Published Nov 13, 2017· Updated Jun 17, 2026
CVE-2017-16792
CVE-2017-16792
Description
Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
geminaboxRubyGems | < 0.13.10 | 0.13.10 |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-653m-r33x-39ffghsaADVISORY
- github.com/geminabox/geminabox/blob/master/CHANGELOG.mdnvdRelease NotesThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2017-16792ghsaADVISORY
- github.com/geminabox/geminabox/commit/f8429a9e364658459add170e4ebc7a5d3b4759e7nvdIssue TrackingWEB
- rubygems.org/gems/geminabox/versions/0.13.10nvdProductWEB
News mentions
0No linked articles in our index yet.