CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Rails Admin Project: >> Rails Admin >> 1.2.0 Security Vulnerabilities

CVE-2024-39308

RailsAdmin is a Rails engine that provides an interface for managing data. RailsAdmin list view has the XSS vulnerability, caused by improperly-escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 (to be released).

CVSS Score

6.8

EPSS Score

0.001

Published

2024-07-08

CVE-2020-36190

RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms.

CVSS Score

6.1

EPSS Score

0.003

Published

2021-01-12

CVE-2017-12098

An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability.

CVSS Score

6.1

EPSS Score

0.004

Published

2018-01-19

Page 1

Vulnerabilities

Vulnerable Software

Rails Admin Project: >> Rails Admin >> 1.2.0 Security Vulnerabilities

Products

Pricing

Contact Us