Ubuntu: (CVE-2017-12098): ruby-rails-admin vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Jan 19, 2018 | Jun 26, 2025 | Jun 26, 2025 |
Description
An exploitable cross-site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin Rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw, allowing an attacker to execute arbitrary JavaScript in the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability.
Solution
no-fix-ubuntu-package
References
- CVE-2017-12098
- https://attackerkb.com/topics/CVE-2017-12098
- https://github.com/sferik/rails_admin/commit/44f09ed72b5e0e917a5d61bd89c48d97c494b41c
- https://github.com/sferik/rails_admin/issues/2985
- https://www.cve.org/CVERecord?id=CVE-2017-12098
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0450