Lucene search
K

28 matches found

CVE
CVE
added 2018/01/19 7:0 p.m.102 views

CVE-2017-12098

CVE-2017-12098 is an XSS vulnerability in the rails_admin gem (version 1.2.0) affecting the add filter functionality. A specially crafted URL can cause an attacker to execute arbitrary JavaScript in an authenticated user’s browser (phishing possible). This is documented across multiple sources (N...

6.1CVSS5.8AI score0.01279EPSS
Exploits3References2Affected Software1
Cvelist
Cvelist
added 2018/01/19 7:0 p.m.34 views

CVE-2017-12098

An exploitable cross site scripting XSS vulnerability exists in the add filter functionality of the railsadmin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish ...

6.1CVSS5.9AI score0.01279EPSS
Exploits3References2
Veracode
Veracode
added 2018/01/12 7:2 a.m.16 views

Cross-site Scripting (XSS)

railsadmin is vulnerable to cross-site scripting XSS. The vulnerability exists in the add filter function and it allows arbitrary javascript to be executed when loaded...

6.1CVSS5.8AI score0.01279EPSS
Exploits3References7Affected Software1
seebug.org
seebug.org
added 2018/01/11 12:0 a.m.26 views

rails_admin rails gem XSS vulnerability(CVE-2017-12098)

Summary An exploitable XSS vulnerability exists in the add filter functionality of the railsadmin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim’s browser. An attacker can phish an...

6.3AI score0.01279EPSS
Exploits3
Talos Blog
Talos Blog
added 2018/01/10 6:3 a.m.103 views

Vulnerability Spotlight: Ruby Rails Gem XSS Vulnerabilities

Vulnerabilities discovered by Zachary Sanchez of Cisco ASIG Overview Talos has discovered two XSS vulnerabilities in Ruby Rails Gems. Rails is a Ruby framework designed to create web services or web pages. Ruby Gems is a package manager for distributing software packages as 'gems'. The two XSS...

4.3CVSS6.9AI score0.01279EPSS
Exploits6
RubySec
RubySec
added 2018/01/10 12:0 a.m.18 views

rails_admin ruby gem XSS vulnerability

An exploitable cross site scripting XSS vulnerability exists in the add filter functionality of the railsadmin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish ...

6.1CVSS4AI score0.01279EPSS
Exploits3References1Affected Software1
Veracode
Veracode
added 2016/12/27 1:13 a.m.29 views

Cross-site Request Forgery (CSRF)

railsadmin, and several other libraries, are vulnerable to cross-site request forgery CSRF attacks. Non-GET methods in the affect libraries are found to not validate CSRF tokens. It is possible for an attacker to gain access to a site's administrative endpoints that are exposed by the gem. The...

8.8CVSS8.7AI score0.00983EPSS
Exploits1References5Affected Software44
RubySec
RubySec
added 2016/12/21 12:0 a.m.40 views

CSRF vulnerability in rails_admin

The railsadmin gem is vulnerable to cross-site request forgery CSRF attacks. Due to a bug, non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem...

8.8CVSS2.4AI score0.00983EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder