Recently I got an opportunity to test Refinery CMS, often shortened to Refinery, is an open source content management system written in Ruby as a Ruby on Rails web application with jQuery used as the JavaScript library. Refinery CMS supports Rails 3.2 and Rails 4.2. Refinery differs from similar products by targeting a non-technical end user and allowing the developer to create a flexible website rapidly by staying as close as possible to the conventions of the Ruby on Rails framework.
During testing period of 3 days, I found multiple XSS and CSRF vulnerabilities in Refinery CMS.
A detailed report which is a step by step guide to reproduce the vulnerabilities can be found here.
Download
