THREATINT
PUBLISHED

CVE-2024-39308

RailsAdmin Cross-site Scripting vulnerability in the list view

Description

RailsAdmin is a Rails engine that provides an interface for managing data. The RailsAdmin list view has an XSS vulnerability caused by an improperly escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 (to be released).
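To make the class of bug concrete, the following is an added Ruby illustration, not code from RailsAdmin: a field value interpolated unescaped into a `title` attribute lets a record value inject further attributes into the tag, while escaping with `ERB::Util.html_escape` (what Rails' `h` helper uses) keeps it inside the attribute. The template shape, helper names and the sample value are all assumptions constructed for this example.

```ruby
require "erb"

# Constructed sample field value: a stored record value that contains an
# attribute-closing double quote followed by an extra attribute.
# (Assumption: this is not taken from the advisory or the project.)
HOSTILE_VALUE = %q{Widget" data-injected="yes}

# Vulnerable pattern (hypothetical template shape): the cell text is escaped,
# but the same value goes into the title attribute without escaping.
def unsafe_title_cell(value)
  %(<span title="#{value}">#{ERB::Util.html_escape(value)}</span>)
end

# Hardened pattern: escape once and use the escaped value in both places.
# html_escape turns `"` into `&quot;`, so the value cannot close the attribute.
def safe_title_cell(value)
  escaped = ERB::Util.html_escape(value)
  %(<span title="#{escaped}">#{escaped}</span>)
end

# Simple review/test check for rendered markup: a title attribute that is
# immediately followed by another `name=` attribute means the value broke out.
# Returns true when attribute injection is detected.
def attribute_breakout?(html)
  !!(html =~ /title="[^"]*"\s+[\w-]+=/)
end

if __FILE__ == $PROGRAM_NAME
  puts unsafe_title_cell(HOSTILE_VALUE)
  puts "breakout? #{attribute_breakout?(unsafe_title_cell(HOSTILE_VALUE))}"
  puts safe_title_cell(HOSTILE_VALUE)
  puts "breakout? #{attribute_breakout?(safe_title_cell(HOSTILE_VALUE))}"
end
```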

Reserved 2024-06-21 | Published 2024-07-08 | Updated 2024-08-02 | Assigner GitHub_M


MEDIUM: 6.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N)

Problem types

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

>= 3.0.0, < 3.1.3: affected

< 2.3.0: affected

References

github.com/..._admin/security/advisories/GHSA-8qgm-g2vv-vwvc

github.com/railsadminteam/rails_admin/issues/3686

github.com/...ommit/b5a287d82e2cbd1737a1a01e11ede2911cce7fef

github.com/...ommit/d84b39884059c4ed50197cec8522cca029a17673

rubygems.org/gems/rails_admin/versions/2.3.0

rubygems.org/gems/rails_admin/versions/3.1.3

cve.org (CVE-2024-39308)

nvd.nist.gov (CVE-2024-39308)

Source: https://cve.threatint.eu/CVE/CVE-2024-39308