View at Official ubuntu advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2016-6316 medium priority: Ubuntu including 11 source packages (rails, rails-4.0, …), 110 status rows across 10 suites (artful, bionic, cosmic, disco, precise, trusty, upstream, xenial, yakkety, zesty): DNE 87, ignored 11, needs-triage 7, not-affected 5.
Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers.