CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Rubyonrails: >> Ruby On Rails >> 3.2.22.1 Security Vulnerabilities

CVE-2016-6316

Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers.

CVSS Score

6.1

EPSS Score

0.022

Published

2016-09-07

Page 1

Vulnerabilities

Vulnerable Software

Rubyonrails: >> Ruby On Rails >> 3.2.22.1 Security Vulnerabilities

Products

Pricing

Contact Us