PT-2018-5348 · Rails · Delayed Job Web

Published: 2018-01-19 · Updated: 2023-01-28 · CVE-2017-12097

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Delayed Job Web (Rails gem), versions 1.2.9 through 1.4
Description: An exploitable cross-site scripting (XSS) issue exists in the filter functionality. A specially crafted URL can trigger the XSS flaw, allowing an attacker to execute arbitrary JavaScript in the victim's browser. It can be triggered by phishing an authenticated user into opening such a URL.
Recommendations: For versions 1.2.9 through 1.4, update to version 1.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the filter functionality until a patch is applied. Avoid following untrusted links to the affected gem's interface until the issue is resolved.
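The bug class in the description, as an added illustration that is not Delayed Job Web's own code: a filter value taken from the request's query string is interpolated into HTML unescaped, shown next to the escaped form and a small check that tells the two apart. The query parameter name `filter` and all function names are assumptions.

```ruby
require 'erb'
require 'uri'

# Constructed illustration of the reflected-XSS pattern in this advisory.
# Not the gem's code; the query parameter name "filter" is assumed.

# Pull the filter value out of a request's query string, as a web UI
# would when building a filtered job listing.
def filter_from_query(query_string)
  URI.decode_www_form(query_string).to_h.fetch('filter', '')
end

# Vulnerable form: the raw filter value is dropped straight into markup,
# so any tags or attributes carried in the URL become part of the page.
def render_filter_unsafe(filter)
  "<h2>Jobs matching: #{filter}</h2>"
end

# Hardened form: HTML-escape the value first, so <, >, &, " and ' become
# entities and the browser renders them as text rather than markup.
def render_filter_safe(filter)
  "<h2>Jobs matching: #{ERB::Util.html_escape(filter)}</h2>"
end

# Regression check: true when a value containing markup characters is
# reflected into the output verbatim, i.e. the escaping is missing.
def reflects_markup?(html, value)
  value.match?(/[<>"']/) && html.include?(value)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: harmless markup, enough to show the difference.
  query = 'filter=' + URI.encode_www_form_component('<i>pending</i>')
  value = filter_from_query(query)
  puts render_filter_unsafe(value)                           # tag survives
  puts render_filter_safe(value)                             # tag neutralised
  puts reflects_markup?(render_filter_unsafe(value), value)  # true
  puts reflects_markup?(render_filter_safe(value), value)    # false
end
```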

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2017-12097
GHSA-W7Q9-XR2X-WH7X

Affected Products

Delayed Job Web