FreeBSD : Rails 4 -- Possible XSS Vulnerability in Action View (43f1c867-654a-11e6-8286-00248c0c745d)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Ruby Security team reports :

There is a possible XSS vulnerability in Action View. Text declared as
'HTML safe' will not have quotes escaped when used as attribute values
in tag helpers. This vulnerability has been assigned the CVE
identifier CVE-2016-6316.

See also :

https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE
http://www.nessus.org/u?0c7f80d8

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 94081

Bugtraq ID:

CVE ID: CVE-2016-6316
