4 matches found
RailsAdmin Cross-site Scripting vulnerability in the list view
Impact RailsAdmin list view has the XSS vulnerability, caused by improperly-escaped HTML title attribute. The issue was originally reported in https://github.com/railsadminteam/railsadmin/issues/3686. Patches Upgrade to 3.1.4. The vulnerability itself was patched in 3.1.3 but it has a functionali...
GHSA-8QGM-G2VV-VWVC RailsAdmin Cross-site Scripting vulnerability in the list view
Impact RailsAdmin list view has the XSS vulnerability, caused by improperly-escaped HTML title attribute. The issue was originally reported in https://github.com/railsadminteam/railsadmin/issues/3686. Patches Upgrade to 3.1.4. The vulnerability itself was patched in 3.1.3 but it has a functionali...
GHSA-5CR9-5JX3-2G39 avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields
Summary Some avo fields are vulnerable to XSS when rendering html based content. Details During the analysis of the web application, a rendered field was discovered that did not filter JS / HTML tags in a safe way and can be abused to execute js code on a client side. The trix field uses the trix...
avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields
Summary Some avo fields are vulnerable to XSS when rendering html based content. Details During the analysis of the web application, a rendered field was discovered that did not filter JS / HTML tags in a safe way and can be abused to execute js code on a client side. The trix field uses the trix...