CVE-2017-16833

Published: Nov 15, 2017 Last Modified: Apr 20, 2025 EU-VD ID: EUVD-2017-0356 Aliases: GHSA-x7p2-x2j6-mwhr

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,1

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: required

Scope: changed

Confidentiality: low

Integrity: low

Availability: none

MEDIUM 4,3

Source: [email protected]

Access Vector: network

Access Complexity: medium

Authentication: none

Confidentiality: none

Integrity: partial

Availability: none

Description

AI Translation Available

Stored cross-site scripting (XSS) vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the 'homepage' value of a '.gemspec' file.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0033

Percentile

0,6th

Updated

EPSS Score Trend (Last 90 Days)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Confidentiality Integrity Availability

Potential Impacts:

Bypass Protection Mechanism Read Application Data Execute Unauthorized Code Or Commands

Applicable Platforms

Technologies: AI/ML, Web Based, Web Server

Likelihood of Exploit: High

View CWE Details

Application

Gemirro by Gemirro Project

Product Information

Vendor Gemirro Project

Product Gemirro

Version Range Affected

To 0.16.0 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:gemirro_project:gemirro:*:*:*:*:*:ruby:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://github.com/PierreRambaud/gemirro/commit/9659f9b7ce1…

Patch Third Party Advisory

https://github.com/PierreRambaud/gemirro/commit/9659f9b7ce15a723da8e361bd41b920…

https://github.com/PierreRambaud/gemirro/commit/9659f9b7ce1…

Patch Third Party Advisory

https://github.com/PierreRambaud/gemirro/commit/9659f9b7ce15a723da8e361bd41b920…

CVE-2017-16833

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Common Consequences

Applicable Platforms

Gemirro by Gemirro Project

Product Information

Iscriviti alla newsletter