An exploitable cross-site scripting (XSS) vulnerability exists in the filter functionality of the delayed_job_web Rails gem version 1.4. A specially crafted URL can trigger the flaw, allowing an attacker to execute arbitrary JavaScript in the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/102484 | Broken Link Third Party Advisory VDB Entry |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0449 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: talos
Published: 2018-01-10T00:00:00
Updated: 2022-04-19T18:19:51
Reserved: 2017-07-31T00:00:00
Link: CVE-2017-12097
NVD Information
Status: Analyzed
Published: 2018-01-19T20:29:00.250
Modified: 2023-01-28T01:34:20.987
Link: CVE-2017-12097
Redhat Information
No data.
CWE