8 matches found

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2024-2006

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.2 · EPSS 0.00349
Exploits 0 · References 7
RedhatCVE
added 2025/02/14 2:50 a.m. · 20 views

CVE-2024-37031

The Active Admin aka activeadmin framework before 3.2.2 for Ruby on Rails allows stored XSS in certain situations where users can create entities to be later edited in forms with arbitrary names, aka a "dynamic form legends" issue. 4.0.0.beta7 is also a fixed version...

CVSS 6.1 · AI score 5.8 · EPSS 0.00349
Exploits 0 · References 1
NVD
added 2024/06/03 6:15 a.m. · 30 views

CVE-2024-37031

The Active Admin aka activeadmin framework before 3.2.2 for Ruby on Rails allows stored XSS in certain situations where users can create entities to be later edited in forms with arbitrary names, aka a "dynamic form legends" issue. 4.0.0.beta7 is also a fixed version...

CVSS 6.1 · AI score 5.7 · EPSS 0.00349
Exploits 0 · References 3
Cvelist
added 2024/06/03 5:54 a.m. · 37 views

CVE-2024-37031

The Active Admin aka activeadmin framework before 3.2.2 for Ruby on Rails allows stored XSS in certain situations where users can create entities to be later edited in forms with arbitrary names, aka a "dynamic form legends" issue. 4.0.0.beta7 is also a fixed version...

AI score 5.7 · EPSS 0.00349
Exploits 0 · References 3
Vulnrichment
added 2024/06/03 5:54 a.m. · 13 views

CVE-2024-37031

The Active Admin aka activeadmin framework before 3.2.2 for Ruby on Rails allows stored XSS in certain situations where users can create entities to be later edited in forms with arbitrary names, aka a "dynamic form legends" issue. 4.0.0.beta7 is also a fixed version...

AI score 6.2 · EPSS 0.00349
Exploits 0 · References 3
OSV
added 2024/06/02 10:32 p.m. · 14 views

GHSA-9MG6-X45V-HCFM activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends

Impact: Users setting their active admin form legends dynamically may be vulnerable to stored XSS, as long as its value can be injected directly by a malicious user. For example: A public web application allows users to create entities with arbitrary names. Active Admin is used to administrate...

CVSS 7.2 · AI score 6.1 · EPSS 0.00349
Exploits 0 · References 7
Positive Technologies
added 2024/06/02 12:0 a.m. · 6 views

PT-2024-27254 · Unknown · Activeadmin

Name of the Vulnerable Software and Affected Versions: Active Admin versions prior to 3.2.2. Active Admin version 4.0.0.beta7 is a fixed version, implying versions prior to 4.0.0.beta7 are also affected, but since 3.2.2 is mentioned as a fixed version, we only consider versions prior to 3.2.2 as...

CVSS 7.2 · AI score 5.9 · EPSS 0.00349
Exploits 0 · References 11
RubySec
added 2024/06/02 12:0 a.m. · 27 views

activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends

Impact: Users setting their active admin form legends dynamically may be vulnerable to stored XSS, as long as its value can be injected directly by a malicious user. For example: A public web application allows users to create entities with arbitrary names. Active Admin is used to administrate...

CVSS 6.1 · AI score 6.6 · EPSS 0.00349
Exploits 0 · References 1 · Affected Software 1