RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms.
References
Link | Resource |
---|---|
https://github.com/sferik/rails_admin/blob/master/README.md | Exploit Third Party Advisory |
https://github.com/sferik/rails_admin/commit/d72090ec6a07c3b9b7b48ab50f3d405f91ff4375 | Patch Third Party Advisory |
https://github.com/sferik/rails_admin/compare/v1.4.2...v1.4.3 | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2021-01-12 20:15
Updated : 2024-02-28 18:08
NVD link : CVE-2020-36190
Mitre link : CVE-2020-36190
CVE.ORG link : CVE-2020-36190
JSON object : View
Products Affected
rails_admin_project
- rails_admin
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')