Lucene search

CVE-2024-37031

🗓️ 03 Jun 2024 05:46:54Reported by mitreType

Active Admin framework prior to version 3.2.2 allows stored XSS via dynamic form legends.

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 10
RedhatCVE	CVE-2024-37031	14 Feb 202502:50	–	redhatcve
Cvelist	CVE-2024-37031	3 Jun 202405:54	–	cvelist
OSV	CVE-2024-37031	3 Jun 202406:15	–	osv
OSV	GHSA-9MG6-X45V-HCFM activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends	2 Jun 202422:32	–	osv
GitLab Advisory Database	activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends	2 Jun 202400:00	–	gitlab
NVD	CVE-2024-37031	3 Jun 202406:15	–	nvd
CVE	CVE-2024-37031	3 Jun 202406:15	–	cve
Github Security Blog	activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends	2 Jun 202422:32	–	github
Veracode	Cross-site Scripting (XSS)	5 Jun 202404:37	–	veracode
RubySec	activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends	1 Jun 202421:00	–	rubygems

Source	Link
github	www.github.com/activeadmin/activeadmin/security/advisories/GHSA-9mg6-x45v-hcfm
github	www.github.com/activeadmin/activeadmin/releases/tag/v3.2.2
rubygems	www.rubygems.org/gems/activeadmin/versions/3.2.2

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

03 Jun 2024 05:54Current

6.2Medium risk

Vulners AI Score6.2

EPSS0.00115

SSVC