Описание
RailsAdmin is a Rails engine that provides an interface for managing data. RailsAdmin list view has the XSS vulnerability, caused by improperly-escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 (to be released).
Ссылки
- Patch
- Patch
- Issue Tracking
- Vendor Advisory
- Patch
- Patch
- Patch
- Patch
- Issue Tracking
- Vendor Advisory
- Patch
- Patch
Уязвимые конфигурации
Конфигурация 1Версия до 2.3.0 (исключая)Версия от 3.0.0 (включая) до 3.1.3 (исключая)
Одно из
cpe:2.3:a:rails_admin_project:rails_admin:*:*:*:*:*:ruby:*:*
cpe:2.3:a:rails_admin_project:rails_admin:*:*:*:*:*:ruby:*:*
EPSS
Процентиль: 85%
0.02464
Низкий
6.8 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 5.4
ubuntu
больше 1 года назад
RailsAdmin is a Rails engine that provides an interface for managing data. RailsAdmin list view has the XSS vulnerability, caused by improperly-escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 (to be released).
CVSS3: 6.8
github
больше 1 года назад
RailsAdmin Cross-site Scripting vulnerability in the list view
EPSS
Процентиль: 85%
0.02464
Низкий
6.8 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79