PT-2018-5349 · Ruby On Rails · Rails Admin

Published 2018-01-19 · Updated 2023-01-27 · CVE-2017-12098
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: rails admin rails gem version 1.2.0
Description: A cross-site scripting (XSS) issue exists in the add filter functionality. It can be triggered by a specially crafted URL, allowing an attacker to execute arbitrary JavaScript in the victim's browser. An attacker can phish an authenticated user into opening such a URL to trigger the issue.
Recommendations: For rails admin rails gem version 1.2.0, consider disabling the add filter functionality until a patch is available. Where it cannot be disabled, restrict access to the add filter feature to reduce the risk of arbitrary JavaScript execution, and avoid using it until the issue is resolved.
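As an added illustration (this is not rails_admin's code and does not reproduce the actual 1.2.0 defect, whose location the advisory does not give), the Ruby sketch below contrasts a filter label rendered straight from a query-string value with the HTML-escaped form, plus a check a test suite could use to catch reflected markup. The `FilterWidget` module, its methods and the sample query string are all constructed for this example.

```ruby
require 'erb'
require 'cgi'

# Hypothetical filter-widget renderer, constructed for illustration only.
# It models the shape of a reflected XSS (URL value -> HTML without escaping)
# and the escaped form; it is not rails_admin's implementation.
module FilterWidget
  # Parse a query string such as "f[title]=report&f[owner]=alice" into
  # a Hash of filter name => first value (CGI.parse URL-decodes both).
  def self.parse_filters(query_string)
    CGI.parse(query_string).transform_values(&:first)
  end

  # Unsafe rendering: the URL-controlled value lands in the HTML verbatim,
  # so any markup it contains is interpreted by the browser.
  def self.render_unsafe(name, value)
    %(<span class="filter" data-name="#{name}">#{value}</span>)
  end

  # Safe rendering: every attacker-influenced string is HTML-escaped
  # (& < > " ' become entities) before it is interpolated.
  def self.render_safe(name, value)
    %(<span class="filter" data-name="#{ERB::Util.html_escape(name)}">) +
      %(#{ERB::Util.html_escape(value)}</span>)
  end

  # Detection helper: true when an input containing markup characters
  # appears unchanged in the rendered fragment, i.e. it was reflected raw.
  def self.reflects_markup?(html, value)
    value.match?(/[<>"']/) && html.include?(value)
  end
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample: a harmless <b> tag stands in for any injected markup.
  filters = FilterWidget.parse_filters('f[title]=%3Cb%3Ereport%3C%2Fb%3E')
  title = filters['f[title]']
  puts "unsafe reflects markup: #{FilterWidget.reflects_markup?(FilterWidget.render_unsafe('f[title]', title), title)}"
  puts "safe reflects markup:   #{FilterWidget.reflects_markup?(FilterWidget.render_safe('f[title]', title), title)}"
end
```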

XSS

Weakness Enumeration

Related Identifiers: CVE-2017-12098, GHSA-PXR8-W3JQ-RCWJ

Affected Products: Rails Admin