CVE-2017-12098: Cross-site Scripting
(updated )
An exploitable cross site scripting (XSS) vulnerability exists in the “add filter” functionality of the rails_admin rails gem. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim’s browser. An attacker can phish an authenticated user to trigger this vulnerability.
References
Detect and mitigate CVE-2017-12098 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →