28 matches found
CVE-2017-12098
CVE-2017-12098 is an XSS vulnerability in the rails_admin gem (version 1.2.0) affecting the add filter functionality. A specially crafted URL can cause an attacker to execute arbitrary JavaScript in an authenticated user’s browser (phishing possible). This is documented across multiple sources (N...
CVE-2017-12098
An exploitable cross site scripting XSS vulnerability exists in the add filter functionality of the railsadmin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish ...
Cross-site Scripting (XSS)
railsadmin is vulnerable to cross-site scripting XSS. The vulnerability exists in the add filter function and it allows arbitrary javascript to be executed when loaded...
rails_admin rails gem XSS vulnerability(CVE-2017-12098)
Summary An exploitable XSS vulnerability exists in the add filter functionality of the railsadmin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim’s browser. An attacker can phish an...
Vulnerability Spotlight: Ruby Rails Gem XSS Vulnerabilities
Vulnerabilities discovered by Zachary Sanchez of Cisco ASIG Overview Talos has discovered two XSS vulnerabilities in Ruby Rails Gems. Rails is a Ruby framework designed to create web services or web pages. Ruby Gems is a package manager for distributing software packages as 'gems'. The two XSS...
rails_admin ruby gem XSS vulnerability
An exploitable cross site scripting XSS vulnerability exists in the add filter functionality of the railsadmin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish ...
Cross-site Request Forgery (CSRF)
railsadmin, and several other libraries, are vulnerable to cross-site request forgery CSRF attacks. Non-GET methods in the affect libraries are found to not validate CSRF tokens. It is possible for an attacker to gain access to a site's administrative endpoints that are exposed by the gem. The...
CSRF vulnerability in rails_admin
The railsadmin gem is vulnerable to cross-site request forgery CSRF attacks. Due to a bug, non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem...