Medium severity6.1NVD Advisory· Published Jan 19, 2018· Updated Jun 17, 2026
CVE-2017-12098
CVE-2017-12098
Description
An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
rails_adminRubyGems | < 1.3.0 | 1.3.0 |
Affected products
1Patches
Vulnerability mechanics
References
6- www.talosintelligence.com/vulnerability_reports/TALOS-2017-0450nvdExploitThird Party AdvisoryWEB
- www.securityfocus.com/bid/102486nvdBroken LinkThird Party AdvisoryVDB Entry
- github.com/advisories/GHSA-pxr8-w3jq-rcwjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-12098ghsaADVISORY
- github.com/rubysec/ruby-advisory-db/blob/master/gems/rails_admin/CVE-2017-12098.ymlghsaWEB
- web.archive.org/web/20210116160904/http://www.securityfocus.com/bid/102486ghsaWEB
News mentions
0No linked articles in our index yet.