GHSA-pxr8-w3jq-rcwj

Source

https://github.com/advisories/GHSA-pxr8-w3jq-rcwj

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/03/GHSA-pxr8-w3jq-rcwj/GHSA-pxr8-w3jq-rcwj.json

Aliases

CVE-2017-12098

Published

2018-03-05T19:37:23Z

Modified

2024-02-20T05:27:49.072395Z

Details

An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability.

References

Affected packages

RubyGems / rails_admin

Package

Name: rails_admin

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.3.0

Affected versions

0.*

0.0.1

0.0.2

0.0.3

0.0.4

0.0.5

0.1.0

0.1.1

0.1.2

0.2.0

0.3.0

0.4.0

0.4.1

0.4.2

0.4.3

0.4.4

0.4.5

0.4.6

0.4.7

0.4.8

0.4.9

0.5.0

0.6.0

0.6.1

0.6.2

0.6.3

0.6.4

0.6.5

0.6.6

0.6.7

0.6.8

0.7.0

0.8.1

1.*

1.0.0.rc

1.0.0

1.1.0

1.1.1

1.2.0