CVE-2017-16792
medium
CVSS v3
6.1
CVSS v2
4.3
VIR risk
6.1
Description
Geminabox contains Cross-site Scripting
Predictions
Exploit likelihood
71%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — https://github.com/geminabox/geminabox/blob/master/CHANGELOG.md
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| geminabox_project | geminabox | {"endExcluding":"0.13.10"} | 0.13.10 |
References
- https://github.com/geminabox/geminabox/blob/master/CHANGELOG.md#01310-2017-11-13
- https://github.com/geminabox/geminabox/blob/master/CHANGELOG.md
- https://github.com/geminabox/geminabox/commit/f8429a9e364658459add170e4ebc7a5d3b4759e7
- https://rubygems.org/gems/geminabox/versions/0.13.10
- https://nvd.nist.gov/vuln/detail/CVE-2017-16792
- https://github.com/geminabox/geminabox
CWEs
CWE-79
Verify integrity in audit chain (admin only). AS-IS.