THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE
PUBLISHED

CVE-2024-39308

RailsAdmin Cross-site Scripting vulnerability in the list view

AssignerGitHub_M
Reserved2024-06-21
Published2024-07-08
Updated2024-07-17

Description

RailsAdmin is a Rails engine that provides an interface for managing data. RailsAdmin list view has the XSS vulnerability, caused by improperly-escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 (to be released).



MEDIUM: 6.8CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

Problem types

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

>= 3.0.0, < 3.1.3
affected

< 2.3.0
affected

References

https://github.com/railsadminteam/rails_admin/security/advisories/GHSA-8qgm-g2vv-vwvc

https://github.com/railsadminteam/rails_admin/issues/3686

https://github.com/railsadminteam/rails_admin/commit/b5a287d82e2cbd1737a1a01e11ede2911cce7fef

https://github.com/railsadminteam/rails_admin/commit/d84b39884059c4ed50197cec8522cca029a17673

https://rubygems.org/gems/rails_admin/versions/2.3.0

https://rubygems.org/gems/rails_admin/versions/3.1.3

cve.org CVE-2024-39308

nvd.nist.gov CVE-2024-39308

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-39308
© Copyright 2024 THREATINT. Made in Cyprus with +