Ruby on Rails Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2016-6316
Reference:
CVE-2016-6316
Title:
Ruby on Rails Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:
Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3 4.x before 4.2.7.1 and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as quotHTML safequot and used as attribute values in tag handlers.