CVE-2016-6316
Description
Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as HTML safe and used as attribute values in tag handlers.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
1.626
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2016-6316 are fixed in Ruby-actionview 3.2.22.3 | Windows |
| Vulnerabilities CVE-2016-6316 are fixed in Ruby-actionview 4.2.7.1 | Windows |
| Vulnerabilities CVE-2016-6316 are fixed in Ruby-actionview 5.0.0.1 | Windows |
| rails security update(DSA-3651-1) rails_4.1.8-1+deb8u4_all.deb | Linux |
| Vulnerabilities CVE-2016-6316 are fixed in Ruby-actionview for Linux 3.2.22.3 | Linux |
| Vulnerabilities CVE-2016-6316 are fixed in Ruby-actionview for Linux 4.2.7.1 | Linux |
| Vulnerabilities CVE-2016-6316 are fixed in Ruby-actionview for Linux 5.0.0.1 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234