CVE-2017-12097 – delayed_job_web

Package

Manager: gem
Name: delayed_job_web
Vulnerable Version: >=1.2.9 <1.4.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00398 pctl0.59803

Details

delayed_job_web Cross-site Scripting vulnerability An exploitable cross site scripting (XSS) vulnerability exists in the filter functionality of the delayed_job_web rails gem versions 1.2.9 before 1.4.2. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability.

Metadata

Created: 2018-03-05T19:06:00Z
Modified: 2023-08-29T11:24:57Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/03/GHSA-w7q9-xr2x-wh7x/GHSA-w7q9-xr2x-wh7x.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-w7q9-xr2x-wh7x
Finding: F008
Auto approve: 1