Yasin Soliman

2 exploits Active since Sep 2017
CVE-2017-14683 WRITEUP HIGH WRITEUP
geminabox < 0.13.7 - Cross-Site Request Forgery via Unintended Gem Upload
geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload.
CVSS 8.8
CVE-2017-16792 WRITEUP MEDIUM WRITEUP
geminabox < 0.13.10 - Stored Cross-Site Scripting via Gemspec Homepage Value
Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb.
CVSS 6.1