CVE-2024-39308
- EPSS 2.46%
- Published 08.07.2024 15:15:22
- Last modified 21.11.2024 09:27:25
RailsAdmin is a Rails engine that provides an interface for managing data. The RailsAdmin list view has an XSS vulnerability caused by an improperly escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 (to be released).
CVE-2020-36190
- EPSS 0.31%
- Published 12.01.2021 20:15:24
- Last modified 21.11.2024 05:28:58
RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms.
CVE-2016-10522
- EPSS 0.15%
- Published 05.07.2018 16:29:00
- Last modified 21.11.2024 02:44:11
rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints expose...
CVE-2017-12098
- EPSS 0.4%
- Published 19.01.2018 19:29:00
- Last modified 21.11.2024 03:08:49
An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascri...