Vulnerability Description
The Active Admin (aka activeadmin) framework before 3.2.2 for Ruby on Rails allows stored XSS in certain situations where users can create entities (to be later edited in forms) with arbitrary names, aka a "dynamic form legends" issue. 4.0.0.beta7 is also a fixed version.
CVSS Score
6.1 (MEDIUM)
Related Weaknesses (CWE)
References
- https://github.com/activeadmin/activeadmin/releases/tag/v3.2.2
- https://github.com/activeadmin/activeadmin/security/advisories/GHSA-9mg6-x45v-hc
- https://rubygems.org/gems/activeadmin/versions/3.2.2
FAQ
What is CVE-2024-37031?
CVE-2024-37031 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The Active Admin (aka activeadmin) framework before 3.2.2 for Ruby on Rails allows stored XSS in certain situations where users can create entities (to be later edited in forms) with arbitrary names, ...
How severe is CVE-2024-37031?
CVE-2024-37031 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-37031?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.