rails_admin is vulnerable to cross-site scripting (XSS). The vulnerability exists in the add filter
function and allows arbitrary JavaScript to be executed when loaded.

CPE

Name | Operator | Version |
---|---|---|
rails_admin | le | 1.2.0 |

www.securityfocus.com/bid/102486
github.com/sferik/rails_admin/issues/2985
github.com/sferik/rails_admin/pull/2894
github.com/sferik/rails_admin/pull/2987
mdb-dev.es/2018/01/11/vulnerability-spotlight-ruby-rails-gem-xss-vulnerabilities/
www.talosintelligence.com/reports/TALOS-2017-0450
www.talosintelligence.com/vulnerability_reports/TALOS-2017-0450