15 matches found
EUVD-2018-0185
Malware in sbrugna...
GHSA-W7Q9-XR2X-WH7X delayed_job_web Cross-site Scripting vulnerability
An exploitable cross site scripting (XSS) vulnerability exists in the filter functionality of the delayed_job_web rails gem versions 1.2.9 before 1.4.2. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attack...
delayed_job_web Cross-site Scripting vulnerability
An exploitable cross site scripting (XSS) vulnerability exists in the filter functionality of the delayed_job_web rails gem versions 1.2.9 before 1.4.2. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attack...
Cross site scripting
An exploitable cross site scripting (XSS) vulnerability exists in the filter functionality of the delayed_job_web rails gem version 1.4. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an...
CVE-2017-12097
An exploitable cross site scripting (XSS) vulnerability exists in the filter functionality of the delayed_job_web rails gem version 1.4. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an...
CVE-2017-12097
An exploitable cross site scripting (XSS) vulnerability exists in the filter functionality of the delayed_job_web rails gem version 1.4. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an...
CVE-2017-12097
CVE-2017-12097 affects the delayed_job_web rails gem, where the filter functionality is vulnerable to cross-site scripting. A specially crafted URL can cause arbitrary JavaScript execution in the victim’s browser, enabling an attacker to phish an authenticated user. Affected versions include 1.2.9...
Ruby on Rails gem version 1.4 delayed_job_web XSS Vulnerability
Exploit for ruby platform in category web applications. Summary: An exploitable XSS vulnerability exists in the filter functionality of the delayed_job_web rails gem version 1.4. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the...
Cross-site Scripting (XSS)
delayed_job_web is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of sanitization of the queues variable, allowing arbitrary javascript to be executed...
RubyGems 'delayed_job_web' Cross-Site Scripting Vulnerability
RubyGems delayed_job_web is a web management tool for delayed_job task delay. A cross-site scripting vulnerability exists in RubyGems 'delayed_job_web' version 1.4.0, which stems from the program failing to adequately filter user-submitted input. A remote attacker can exploit this vulnerability to...
Rails delayed_job_web XSS(CVE-2017-12097)
Summary: An exploitable XSS vulnerability exists in the filter functionality of the delayed_job_web rails gem version 1.4. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim’s browser. An attacker can phish an authenticated...
Vulnerability Spotlight: Ruby Rails Gem XSS Vulnerabilities
Vulnerabilities discovered by Zachary Sanchez of Cisco ASIG. Overview: Talos has discovered two XSS vulnerabilities in Ruby Rails Gems. Rails is a Ruby framework designed to create web services or web pages. Ruby Gems is a package manager for distributing software packages as 'gems'. The two XSS...
delayed_job_web rails gem XSS vulnerability
Summary: An exploitable XSS vulnerability exists in the filter functionality of the delayed_job_web rails gem version 1.4. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim’s browser. An attacker can phish an authenticated...
delayed_job_web ruby gem XSS vulnerability via `queues` parameter
An exploitable cross site scripting (XSS) vulnerability exists in the filter functionality of the delayed_job_web ruby gem. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated...
Cross-Site Scripting (XSS)
delayed_job_web is vulnerable to cross-site scripting (XSS) attacks. The page that displays the queued jobs doesn't escape content, allowing a malicious user to inject and execute arbitrary Javascript...