CVE-2017-12098 – rails_admin
Package
Manager: gem
Name: rails_admin
Vulnerable Version: >=0 <1.3.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00397 (percentile: 0.59781)
Details
rails_admin ruby gem XSS
An exploitable cross-site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw, allowing an attacker to execute arbitrary JavaScript in the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability.
Metadata
Created: 2018-03-05T19:37:23Z
Modified: 2023-07-03T21:59:02Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/03/GHSA-pxr8-w3jq-rcwj/GHSA-pxr8-w3jq-rcwj.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-pxr8-w3jq-rcwj
Finding: F008
Auto approve: 1