CVE-2017-12098

N/A

An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability.

N/A

N/A

rails_admin rails gem 跨站脚本漏洞

rails_admin rails gem是一款能够提供控制界面用来管理数据的Rails引擎。 rails_admin rails gem 1.2.0版本中的添加过滤器功能存在跨站脚本漏洞，该漏洞源于程序没有充分的过滤用户提交的输入。远程攻击者可借助特制的URL利用该漏洞在浏览器中执行任意脚本代码。

N/A

N/A