CVE-2017-12098

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-12098
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12098.json
Aliases
Published
2018-01-19T19:29:00Z
Modified
2023-11-29T05:59:41.048945Z
Details

An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability.

References

Affected packages

Git / github.com/sferik/rails_admin

Affected ranges

Type
GIT
Repo
https://github.com/sferik/rails_admin
Events
Introduced
0The exact introduced commit is unknown
Last affected
3d12fd1b6ea4ab70f149cd6a70deb3ca18207083

Affected versions

v0.*

v0.0.1
v0.0.2
v0.0.3
v0.0.4
v0.0.5
v0.1.0
v0.1.1
v0.1.2
v0.2.0
v0.3.0
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.5
v0.4.6
v0.4.7
v0.4.8
v0.4.9
v0.5.0
v0.6.0
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.6.5
v0.6.6
v0.6.7
v0.6.8
v0.7.0
v0.8.0
v0.8.1

v1.*

v1.0.0
v1.0.0.rc
v1.1.0
v1.1.1
v1.2.0