CVE-2024-39308
RailsAdmin Cross-site Scripting vulnerability in the list view
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
RailsAdmin Cross-site Scripting vulnerability in the list view
| Assigner | GitHub_M |
| Reserved | 2024-06-21 |
| Published | 2024-07-08 |
| Updated | 2024-08-02 |
RailsAdmin is a Rails engine that provides an interface for managing data. RailsAdmin list view has the XSS vulnerability, caused by improperly-escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 (to be released).
| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N |
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
https://github.com/railsadminteam/rails_admin/security/advisories/GHSA-8qgm-g2vv-vwvc
https://github.com/railsadminteam/rails_admin/issues/3686
https://github.com/railsadminteam/rails_admin/commit/b5a287d82e2cbd1737a1a01e11ede2911cce7fef
https://github.com/railsadminteam/rails_admin/commit/d84b39884059c4ed50197cec8522cca029a17673
https://rubygems.org/gems/rails_admin/versions/2.3.0
https://rubygems.org/gems/rails_admin/versions/3.1.3
