Lucene search
K

26 matches found

Prion
Prion
added 2021/01/12 8:15 p.m.13 views

Design/Logic Flaw

RailsAdmin aka railsadmin before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms...

4.3CVSS6.2AI score0.01278EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2021/01/12 7:38 p.m.71 views

CVE-2020-36190

The CVE-2020-36190 case affects the RailsAdmin (rails_admin) gem prior to 1.4.3 and 2.x prior to 2.0.2, exposing a cross-site scripting (XSS) vulnerability via nested forms. Root cause is unvalidated input in nested form handling, enabling injected scripts to be rendered in the browser. The impac...

6.1CVSS6.1AI score0.01278EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/01/12 7:38 p.m.33 views

CVE-2020-36190

RailsAdmin aka railsadmin before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms...

6.3AI score0.01278EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/01/12 12:0 a.m.9 views

RailsAdmin Cross-Site Scripting Vulnerability

RailsAdmin is a Rails engine from the Rails team that provides an easy-to-use interface to manage your data. A cross-site scripting vulnerability exists in RailsAdmin that can be exploited by an attacker to obtain sensitive information. The following products and versions are affected: RailsAdmin...

6.1CVSS6.2AI score0.01278EPSS
Exploits1References4
RubySec
RubySec
added 2020/03/14 12:0 a.m.14 views

rails_admin ruby gem XSS vulnerability

RailsAdmin aka railsadmin before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms...

6.1CVSS3.4AI score0.01278EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/07/05 4:29 p.m.15 views

UBUNTU-CVE-2016-10522

railsadmin ruby gem v1.1.1 is vulnerable to cross-site request forgery CSRF attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem...

8.8CVSS7.2AI score0.00983EPSS
Exploits1References5
Rows per page
Query Builder