CVE-2016-6316 in Ruby on Railsالمعلومات

الملخص

بحسب MITRE

Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

حجز

26/07/2016

إفشاء

07/09/2016

الاعتدال

تمت الموافقة

إدخال

VDB-91364

CPE

جاهز

CWE

CWE-79 (مؤكد)

CVSS

6.1 (NVD)

EPSS

0.01626

KEV

لا

النشاطات

منخفض جدًا

القطاع

Energy, Finance, ...

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-6316
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-6316
CVE Details	https://www.cvedetails.com/cve/CVE-2016-6316/

التالي ▸نظرة عامة ◂ السابق

Interested in the pricing of exploits?

See the underground prices here!