Ruby · Geminabox · CVE-2017-16792
**Name of the Vulnerable Software and Affected Versions**
geminabox versions prior to 0.13.10
**Description**
A stored cross-site scripting (XSS) issue allows attackers to inject arbitrary web script via the `homepage` value of a `.gemspec` file. This is related to the views/gem.erb and views/index.erb files.
**Recommendations**
For versions prior to 0.13.10, update to version 0.13.10 or later to resolve the issue. As a temporary workaround, consider restricting the ability to modify the `homepage` value in `.gemspec` files to minimize the risk of exploitation.