Description
RailsAdmin is a Rails engine that provides an interface for managing data. RailsAdmin list view has the XSS vulnerability, caused by improperly-escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 (to be released).
Published: 2024-07-08
Score: 5.4 Medium
EPSS: 6.7% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-2305 RailsAdmin is a Rails engine that provides an interface for managing data. RailsAdmin list view has the XSS vulnerability, caused by improperly-escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 (to be released).
Github GHSA Github GHSA GHSA-8qgm-g2vv-vwvc RailsAdmin Cross-site Scripting vulnerability in the list view
History

Thu, 22 Aug 2024 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Rails Admin Project
Rails Admin Project rails Admin
CPEs cpe:2.3:a:rails_admin_project:rails_admin:*:*:*:*:*:ruby:*:*
Vendors & Products Rails Admin Project
Rails Admin Project rails Admin
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}

Subscriptions

Rails Admin Project Rails Admin
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-08-02T04:19:20.581Z

Reserved: 2024-06-21T18:15:22.259Z

Link: CVE-2024-39308

cve-icon Vulnrichment

Updated: 2024-07-17T13:06:01.233Z

cve-icon NVD

Status : Modified

Published: 2024-07-08T15:15:22.080

Modified: 2024-11-21T09:27:25.837

Link: CVE-2024-39308

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses