RubyGems package
rails_admin
pkg:gem/rails_admin
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-39308 | — | — | — | >= 3.0.0.beta, < 3.1.3 | 3.1.3 | Jul 8, 2024 | RailsAdmin is a Rails engine that provides an interface for managing data. RailsAdmin list view has an XSS vulnerability, caused by an improperly escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 (to be released). |
| CVE-2020-36190 | — | — | — | < 1.4.3 | 1.4.3 | Jan 12, 2021 | RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms. |
| CVE-2016-10522 | — | — | — | >= 1.0.0, < 1.1.1 | 1.1.1 | Jul 5, 2018 | rails_admin ruby gem < v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem. |
| CVE-2017-12098 | — | — | — | < 1.3.0 | 1.3.0 | Jan 19, 2018 | An exploitable cross-site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary JavaScript in the victim's browser. An |