CVE-2017-12097

Description

An exploitable cross site scripting (XSS) vulnerability exists in the filter functionality of the delayed_job_web rails gem version 1.4. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victims browser. An attacker can phish an authenticated user to trigger this vulnerability.

Risk Information

Base Score

6.1

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Score

Exploitation Probability

0.398

Associated Vulnerability

Vulnerability	OS Platform
Vulnerabilities CVE-2017-12097 are fixed in Ruby-delayed_job_web 1.4.2	Windows
Vulnerabilities CVE-2017-12097 are fixed in Ruby-delayed_job_web for Linux 1.4.2	Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234