CVE-2024-39308

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-39308

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39308.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-39308

Aliases

GHSA-8qgm-g2vv-vwvc

Downstream

UBUNTU-CVE-2024-39308

Published

2024-07-08T14:33:55.144Z

Modified

2025-12-05T05:18:40.617302Z

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N CVSS Calculator

Summary

RailsAdmin Cross-site Scripting vulnerability in the list view

Details

RailsAdmin is a Rails engine that provides an interface for managing data. RailsAdmin list view has the XSS vulnerability, caused by improperly-escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 (to be released).

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/39xxx/CVE-2024-39308.json"
}

References

Affected packages

Git / github.com/railsadminteam/rails_admin

Affected ranges

Type: GIT
Repo: https://github.com/railsadminteam/rails_admin
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b5a287d82e2cbd1737a1a01e11ede2911cce7fef

Fixed

d84b39884059c4ed50197cec8522cca029a17673

Affected versions

v0.*

v0.0.1

v0.0.2

v0.0.3

v0.0.4

v0.0.5

v0.1.0

v0.1.1

v0.1.2

v0.2.0

v0.3.0

v0.4.0

v0.4.1

v0.4.2

v0.4.3

v0.4.5

v0.4.6

v0.4.7

v0.4.8

v0.4.9

v0.5.0

v0.6.0

v0.6.1

v0.6.2

v0.6.3

v0.6.4

v0.6.5

v0.6.6

v0.6.7

v0.6.8

v0.7.0

v0.8.0

v0.8.1

v1.*

v1.0.0

v1.0.0.rc

v1.1.0

v1.1.1

v1.2.0

v1.3.0

v1.4.0

v1.4.1

v1.4.2

v2.*

v2.0.0

v2.0.0.beta

v2.0.0.rc

v2.0.1

v2.0.2

v2.1.0

v2.1.1

v2.2.0

v2.2.1

v3.*

v3.0.0

v3.0.0.beta

v3.0.0.beta2

v3.0.0.rc

v3.0.0.rc2

v3.0.0.rc3

v3.0.0.rc4

v3.1.0

v3.1.0.beta

v3.1.0.rc

v3.1.0.rc2

v3.1.1

v3.1.2

Git / github.com/sferik/rails_admin