GHSA-w7q9-xr2x-wh7x

GitHub Security Advisory

delayed_job_web Cross-site Scripting vulnerability

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

An exploitable cross-site scripting (XSS) vulnerability exists in the filter functionality of the delayed_job_web Rails gem versions 1.2.9 before 1.4.2. A specially crafted URL can cause an XSS flaw, allowing an attacker to execute arbitrary JavaScript in the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability.

Affected Packages

RubyGems delayed_job_web
Affected versions: 1.2.9 (fixed in 1.4.2)

Related CVEs

Key Information

GHSA ID: GHSA-w7q9-xr2x-wh7x
Published: March 5, 2018 7:06 PM
Last Modified: August 29, 2023 11:24 AM
CVSS Score: 5.0 / 10
Primary Ecosystem: RubyGems
Primary Package: delayed_job_web
GitHub Reviewed: ✓ Yes

Dataset

Last updated: July 6, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.