activeadmin is vulnerable to stored cross-site scripting (XSS). User-controlled input is not escaped when it is rendered into a dynamic form legend, so an attacker who can create (or rename) a record whose name contains a script payload gets that payload emitted as live markup, and the script runs in the browser of any admin user who later opens a form that renders the legend. Affected versions are activeadmin <= 3.2.1 and the 4.0.0 beta series up to 4.0.0.beta6; the fix is in 3.2.2 (and in the following 4.0.0 beta), so upgrading is the remediation.
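The pattern behind this class of bug, shown side by side with its fix, as an added example (this is illustrative Ruby, not ActiveAdmin's own form builder code; the record name `PAYLOAD_NAME`, the helper names and the `has_many`-style collection are constructed for the demonstration). The vulnerable helper interpolates a record name straight into an HTML legend; the hardened helper runs the value through `ERB::Util.html_escape` first, which is the standard-library escaper Rails' own `h` helper builds on:

```ruby
require "erb"

# Constructed record name carrying a script payload (not taken from the advisory).
PAYLOAD_NAME = "Widget<script>alert(document.cookie)</script>"

# Vulnerable pattern: a user-controlled string becomes part of the markup verbatim,
# so "<script>" in the name is emitted as a real element, not as text.
def vulnerable_legend(record_name)
  "<legend>#{record_name}</legend>"
end

# Hardened pattern: escape the untrusted value before it is concatenated into HTML.
# ERB::Util.html_escape rewrites & < > " and ' to their entity forms.
def safe_legend(record_name)
  "<legend>#{ERB::Util.html_escape(record_name)}</legend>"
end

# Renders one legend per nested record, the way a dynamic has_many-style section
# would; `escape:` selects which of the two helpers above is used.
def render_legends(record_names, escape:)
  record_names.map { |name| escape ? safe_legend(name) : vulnerable_legend(name) }.join("\n")
end

# Cheap regression check for a test suite: does the rendered HTML still contain an
# executable <script> element? Escaped output must not.
def script_tag_present?(html)
  !!(html =~ /<script\b/i)
end

if $PROGRAM_NAME == __FILE__
  names = ["Gadget", PAYLOAD_NAME]
  puts "vulnerable:\n#{render_legends(names, escape: false)}"
  puts "hardened:\n#{render_legends(names, escape: true)}"
end
```

The check is deliberately narrow (it only looks for a literal `<script` tag); it is a regression test for this specific symptom, not a general XSS filter. The real fix is to escape at the point where untrusted data meets markup, as `safe_legend` does, rather than to blocklist tags in the input.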
Name | Operator | Version
---|---|---
activeadmin | le | 3.2.1
activeadmin | le | 4.0.0.beta6
github.com/activeadmin/activeadmin/commit/8a35a37add4742ee04fe7f7d56546ce362958835
github.com/activeadmin/activeadmin/commit/994880d1005882e85a7fb41f737a171a693e3c9a
github.com/activeadmin/activeadmin/pull/8349
github.com/activeadmin/activeadmin/releases/tag/v3.2.2
github.com/activeadmin/activeadmin/security/advisories/GHSA-9mg6-x45v-hcfm
github.com/advisories/GHSA-9mg6-x45v-hcfm
rubygems.org/gems/activeadmin/versions/3.2.2