ubuntu · CVE-2016-6316

Quick triage

Priority: medium Published: 2016-09-07 19:28:00 UTC Updated: 2025-08-25 22:07:54 UTC

View at Official ubuntu advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2016-6316 medium priority: Ubuntu including 11 source packages (rails, rails-4.0, …), 110 status rows across 10 suites (artful, bionic, cosmic, disco, precise, trusty, upstream, xenial, yakkety, zesty): DNE 87, ignored 11, needs-triage 7, not-affected 5.

Description:

Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers.

cvelogic Threat Intelligence