28 matches found
EUVD-2018-0183
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2016-10522
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - railsadmin ruby gem v1.1.1 is vulnerable to cross-site request forgery CSRF attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attack...
Linux Distros Unpatched Vulnerability : CVE-2017-12098
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable cross site scripting XSS vulnerability exists in the add filter functionality of the railsadmin rails gem version 1.2.0. A specially crafted URL...
Cross-Site Scripting (XSS)
railsadmin is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improperly-escaped HTML title attributes in the RailsAdmin list view, which can allow attackers to inject malicious scripts. Note: While 3.1.3 is the safe version, its recommended to upgrade to 3.1.4 as the 3.1.3...
Cross-Site Scripting (XSS)
railsadmin is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via nested forms...
Cross-site request forgery in rails_admin
railsadmin ruby gem v1.1.1 is vulnerable to cross-site request forgery CSRF attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem...
GHSA-PXQR-8V54-M2HJ Cross-site request forgery in rails_admin
railsadmin ruby gem v1.1.1 is vulnerable to cross-site request forgery CSRF attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem...
CVE-2016-10522
railsadmin ruby gem v1.1.1 is vulnerable to cross-site request forgery CSRF attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem...
Cross site request forgery (csrf)
railsadmin ruby gem v1.1.1 is vulnerable to cross-site request forgery CSRF attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem...
CVE-2016-10522
railsadmin ruby gem v1.1.1 is vulnerable to cross-site request forgery CSRF attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem...
CVE-2016-10522
railsadmin ruby gem v1.1.1 is vulnerable to cross-site request forgery CSRF attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem...
CVE-2016-10522
railsadmin ruby gem v1.1.1 is vulnerable to cross-site request forgery CSRF attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem...
CVE-2016-10522
The CVE-2016-10522 entry concerns the rails_admin Ruby gem
CVE-2016-10522
Removed by vendor...
GHSA-PXR8-W3JQ-RCWJ rails_admin ruby gem XSS
An exploitable cross site scripting XSS vulnerability exists in the add filter functionality of the railsadmin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish ...
rails_admin ruby gem XSS
An exploitable cross site scripting XSS vulnerability exists in the add filter functionality of the railsadmin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish ...
CVE-2017-12098
An exploitable cross site scripting XSS vulnerability exists in the add filter functionality of the railsadmin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish ...
Cross site scripting
An exploitable cross site scripting XSS vulnerability exists in the add filter functionality of the railsadmin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish ...
CVE-2017-12098
An exploitable cross site scripting XSS vulnerability exists in the add filter functionality of the railsadmin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish ...
CVE-2017-12098
An exploitable cross site scripting XSS vulnerability exists in the add filter functionality of the railsadmin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish ...