Vulnerabilities
Vulnerable Software
RailsAdmin is a Rails engine that provides an interface for managing data. The RailsAdmin list view has an XSS vulnerability caused by an improperly escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 (to be released).
CVSS Score: 6.8
EPSS Score: 0.001
Published: 2024-07-08

RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms.
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2021-01-12

The rails_admin Ruby gem <v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem.
CVSS Score: 8.8
EPSS Score: 0.002
Published: 2018-07-05

