RubyGems 'delayed_job_web' CVE-2017-12097 Cross Site Scripting Vulnerability

RubyGems 'delayed_job_web' is prone to a reflected cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input taken from the request URI before including it in the page it renders.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials, perform actions in the affected interface as that user, and launch other attacks.

RubyGems delayed_job_web 1.4.0 is vulnerable; other versions may also be affected.

Information

Bugtraq ID: 102484
Class: Input Validation Error
CVE: CVE-2017-12097

Remote: Yes
Local: No
Published: Jan 10 2018 12:00AM
Updated: Jan 10 2018 12:00AM
Credit: Cisco Talos
Vulnerable: RubyGems delayed_job_web 1.4.0

Not Vulnerable:

Exploit

To exploit this issue, an attacker must entice an unsuspecting victim who has access to the affected delayed_job_web interface to follow a malicious URI.
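The following is an added illustration of the pattern behind this class of flaw; it is not code from the delayed_job_web gem, and the `filter` query parameter it uses is a hypothetical name (this page does not identify the affected parameter). It renders a one-line ERB view the way a Sinatra application such as delayed_job_web would, once with the request value interpolated verbatim and once with it HTML-escaped, against a constructed payload of the kind a malicious URI would carry after URL-decoding.

```ruby
require "erb"

# Constructed sample payload, as it would arrive in a query string after
# URL-decoding: it closes the value attribute and injects a script element.
MALICIOUS_FILTER = '"><script>alert(document.cookie)</script>'

# Vulnerable pattern (illustrative, not the gem's own view): the request
# parameter is interpolated into the markup verbatim.
UNSAFE_TEMPLATE = '<input type="text" name="filter" value="<%= filter %>">'

# Hardened pattern: ERB::Util.h (html_escape) converts & < > " ' to entities,
# so the value can no longer terminate the attribute or open a new element.
SAFE_TEMPLATE = '<input type="text" name="filter" value="<%= ERB::Util.h(filter) %>">'

# Render a one-line ERB template with the given (hypothetical) filter value.
def render_filter(template, filter)
  ERB.new(template).result_with_hash(filter: filter.to_s)
end

# Simple check a reviewer can run against rendered output: does the raw
# payload survive into the page unchanged?
def reflected_unescaped?(html, payload)
  html.include?(payload)
end

if __FILE__ == $PROGRAM_NAME
  [UNSAFE_TEMPLATE, SAFE_TEMPLATE].each do |tpl|
    out = render_filter(tpl, MALICIOUS_FILTER)
    puts out
    puts "  -> payload reflected unescaped: #{reflected_unescaped?(out, MALICIOUS_FILTER)}"
  end
end
```

Escaping at the point of output is the fix for this bug class; in a Sinatra application the same effect can be obtained globally with `set :erb, escape_html: true`, so that `<%= %>` escapes by default and only deliberately trusted markup is emitted raw.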
