RubyGems 'rails_admin' CVE-2017-12098 Cross Site Scripting Vulnerability



RubyGems 'rails_admin' is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

RubyGems rails_admin 1.2 is vulnerable; other versions may also be affected.

Information

Bugtraq ID: 102486
Class: Input Validation Error
CVE: CVE-2017-12098

Remote: Yes
Local: No
Published: Jan 10 2018 12:00AM
Updated: Jan 10 2018 12:00AM
Credit: Cisco Talos
Vulnerable: RubyGems rails_admin 1.2


Not Vulnerable:

Exploit


To exploit this issue an attacker must entice an unsuspecting victim to follow a malicious URI.


Related Posts

Comments