CVE-2024-39308

medium

Description

RailsAdmin is a Rails engine that provides an interface for managing data. RailsAdmin list view has the XSS vulnerability, caused by improperly-escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 (to be released).

References

https://rubygems.org/gems/rails_admin/versions/3.1.3

https://rubygems.org/gems/rails_admin/versions/2.3.0

https://github.com/railsadminteam/rails_admin/security/advisories/GHSA-8qgm-g2vv-vwvc

https://github.com/railsadminteam/rails_admin/issues/3686

https://github.com/railsadminteam/rails_admin/commit/d84b39884059c4ed50197cec8522cca029a17673

https://github.com/railsadminteam/rails_admin/commit/b5a287d82e2cbd1737a1a01e11ede2911cce7fef

Details

Source: Mitre, NVD

Published: 2024-07-08

Updated: 2024-08-22

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

CVSS v4

Base Score: 6.1

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

Severity: Medium

Detections

Analytics

CVE-2024-39308

medium

Description

References

Details

Risk Information

CVSS v2

CVSS v3

CVSS v4