CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-12098
https://notcve.org/view.php?id=CVE-2017-12098
19 Jan 2018 — An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability. Existe una vulnerabilidad de Cross-Site Scripting (XSS) explotable en la funcionalidad add filter de la gema de rails rails_admin en su versión 1.2.0. Una URL ... • http://www.securityfocus.com/bid/102486 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 2%CPEs: 27EXPL: 0CVE-2013-1756
https://notcve.org/view.php?id=CVE-2013-1756
09 Jun 2014 — The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request. La gema Dragonfly 0.7 anterior a 0.8.6 y 0.9.x anterior a 0.9.13 para Ruby, cuando se utiliza con Ruby on Rails, permite a atacantes remotos ejecutar código arbitrario a través de una solicitud manipulada. • http://secunia.com/advisories/52380 • CWE-94: Improper Control of Generation of Code ('Code Injection') •