CVE-2017-12098: Cross-site Scripting

January 19, 2018 (updated February 2, 2018)

An exploitable cross site scripting (XSS) vulnerability exists in the “add filter” functionality of the rails_admin rails gem. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim’s browser. An attacker can phish an authenticated user to trigger this vulnerability.

References

www.securityfocus.com/bid/102486
nvd.nist.gov/vuln/detail/CVE-2017-12098

Code Behaviors & Features

Detect and mitigate CVE-2017-12098 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →