Lucene search
Veracode Vulnerability DatabaseVERACODE:5695HistoryJan 12, 2018 - 7:13 a.m.
Cross-site Scripting (XSS)
2018-01-1207:13:05
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
2
0.001 Low
EPSS
Percentile
40.8%
delayed_job_web is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of sanitization of the queues variable, allowing arbitrary javascript to be executed.
| CPE | Name | Operator | Version |
|---|---|---|---|
| delayed_job_web | eq | 1.4 | |
| delayed_job_web | eq | 1.4 |
References
www.securityfocus.com/bid/102484
github.com/ejschmitt/delayed_job_web/issues/101
github.com/ejschmitt/delayed_job_web/pull/104
mdb-dev.es/2018/01/11/vulnerability-spotlight-ruby-rails-gem-xss-vulnerabilities/
www.talosintelligence.com/reports/TALOS-2017-0449
www.talosintelligence.com/vulnerability_reports/TALOS-2017-0449
Related
osv
osv
delayed_job_web Cross-site Scripting vulnerability
2018-03-05 19:06:00
CVE-2017-12097
2018-01-19 20:29:00
nvd
nvd
CVE-2017-12097
2018-01-19 20:29:00
seebug
seebug
Rails delayed_job_web XSS(CVE-2017-12097)
2018-01-11 00:00:00
prion
prion
Cross site scripting
2018-01-19 20:29:00
talos
talos
delayed_job_web rails gem XSS vulnerability
2018-01-10 00:00:00
zdt
zdt
Ruby on Rails gem version 1.4 delayed_job_web XSS Vulnerability
2018-01-15 00:00:00
cvelist
cvelist
CVE-2017-12097
2018-01-10 00:00:00
github
github
delayed_job_web Cross-site Scripting vulnerability
2018-03-05 19:06:00
cve
cve
CVE-2017-12097
2018-01-19 20:29:00
talosblog
talosblog
Vulnerability Spotlight: Ruby Rails Gem XSS Vulnerabilities
2018-01-10 06:03:00