CVE-2017-12098

An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability.
References
Link Resource
http://www.securityfocus.com/bid/102486 Broken Link Third Party Advisory VDB Entry
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0450 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:rails_admin_project:rails_admin:1.2.0:*:*:*:*:ruby:*:*

History

No history.

Information

Published : 2018-01-19 19:29

Updated : 2024-02-28 16:25


NVD link : CVE-2017-12098

Mitre link : CVE-2017-12098

CVE.ORG link : CVE-2017-12098


JSON object : View

Products Affected

rails_admin_project

  • rails_admin
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')