Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rails admin project rails admin vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2016-10522
rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem.
Rails Admin Project Rails Admin
4.3
CVSSv2
CVE-2020-36190
RailsAdmin (aka rails_admin) prior to 1.4.3 and 2.x prior to 2.0.2 allows XSS via nested forms.
Rails Admin Project Rails Admin
4.3
CVSSv2
CVE-2017-12098
An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browse...
Rails Admin Project Rails Admin 1.2.0
4.3
CVSSv2
CVE-2021-29435
trestle-auth is an authentication plugin for the Trestle admin framework. A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an malicious user to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin ...
Trestle-auth Project Trestle-auth 0.4.1
Trestle-auth Project Trestle-auth 0.4.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103
CVE-2024-36279
CVE-2024-38457
elevation of privilege
CVE-2024-27801
CVE-2024-30103
NULL pointer dereference
CVE-2024-6057
XML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started