CVE-2017-12098

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-12098

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12098.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-12098

Aliases

GHSA-pxr8-w3jq-rcwj

Downstream

UBUNTU-CVE-2017-12098

Published

2018-01-19T19:29:00Z

Modified

2025-07-29T07:38:05.251547Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability.

References

Affected packages

Git / github.com/sferik/rails_admin

Affected ranges

Type: GIT
Repo: https://github.com/sferik/rails_admin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

3d12fd1b6ea4ab70f149cd6a70deb3ca18207083

Affected versions

v0.*

v0.0.1

v0.0.2

v0.0.3

v0.0.4

v0.0.5

v0.1.0

v0.1.1

v0.1.2

v0.2.0

v0.3.0

v0.4.0

v0.4.1

v0.4.2

v0.4.3

v0.4.5

v0.4.6

v0.4.7

v0.4.8

v0.4.9

v0.5.0

v0.6.0

v0.6.1

v0.6.2

v0.6.3

v0.6.4

v0.6.5

v0.6.6

v0.6.7

v0.6.8

v0.7.0

v0.8.0

v0.8.1

v1.*

v1.0.0

v1.0.0.rc

v1.1.0

v1.1.1

v1.2.0