CVE-2024-39308 MEDIUM

CVE-2024-39308: RailsAdmin Cross-site Scripting vulnerability in the list view

Vendor Railsadminteam
Product rails_admin
Weakness CWE-79 · XSS
Published July 8, 2024
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

6.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

What the vulnerability does

Description

RailsAdmin is a Rails engine that provides an interface for managing data. RailsAdmin list view has the XSS vulnerability, caused by improperly-escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 (to be released).

Key dates

Disclosure timeline

July 8, 2024 CVE published
August 2, 2024 Record updated