GHSA-pxr8-w3jq-rcwj

Source

https://github.com/advisories/GHSA-pxr8-w3jq-rcwj

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/03/GHSA-pxr8-w3jq-rcwj/GHSA-pxr8-w3jq-rcwj.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-pxr8-w3jq-rcwj

Aliases

CVE-2017-12098

Published

2018-03-05T19:37:23Z

Modified

2024-02-20T05:27:49.072395Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

rails_admin ruby gem XSS

Details

An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability.

Database specific

{
    "nvd_published_at": "2018-01-19T19:29:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:50:19Z"
}

References

Affected packages

RubyGems / rails_admin

Package

Name: rails_admin
Purl: pkg:gem/rails_admin

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.0

Affected versions

0.*

0.0.1

0.0.2

0.0.3

0.0.4

0.0.5

0.1.0

0.1.1

0.1.2

0.2.0

0.3.0

0.4.0

0.4.1

0.4.2

0.4.3

0.4.4

0.4.5

0.4.6

0.4.7

0.4.8

0.4.9

0.5.0

0.6.0

0.6.1

0.6.2

0.6.3

0.6.4

0.6.5

0.6.6

0.6.7

0.6.8

0.7.0

0.8.1

1.*

1.0.0.rc

1.0.0

1.1.0

1.1.1

1.2.0