26 matches found
Design/Logic Flaw
RailsAdmin aka railsadmin before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms...
CVE-2020-36190
The CVE-2020-36190 case affects the RailsAdmin (rails_admin) gem prior to 1.4.3 and 2.x prior to 2.0.2, exposing a cross-site scripting (XSS) vulnerability via nested forms. Root cause is unvalidated input in nested form handling, enabling injected scripts to be rendered in the browser. The impac...
CVE-2020-36190
RailsAdmin aka railsadmin before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms...
RailsAdmin Cross-Site Scripting Vulnerability
RailsAdmin is a Rails engine from the Rails team that provides an easy-to-use interface to manage your data. A cross-site scripting vulnerability exists in RailsAdmin that can be exploited by an attacker to obtain sensitive information. The following products and versions are affected: RailsAdmin...
rails_admin ruby gem XSS vulnerability
RailsAdmin aka railsadmin before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms...
UBUNTU-CVE-2016-10522
railsadmin ruby gem v1.1.1 is vulnerable to cross-site request forgery CSRF attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem...