Lucene search

K
ubuntucveUbuntu.comUB:CVE-2016-6316
HistorySep 07, 2016 - 12:00 a.m.

CVE-2016-6316

2016-09-0700:00:00
ubuntu.com
ubuntu.com
18

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.007

Percentile

80.6%

Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails
3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow
remote attackers to inject arbitrary web script or HTML via text declared
as “HTML safe” and used as attribute values in tag handlers.

Bugs

Notes

Author Note
seth-arnold In Oneiric-Saucy, rails package is just for transition; The rails package contains actual code from vivid onward
mdeslaur The GnuPG project used this CVE number by mistake when doing an announcement. The GnuPG issue is actually CVE-2016-6313.

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.007

Percentile

80.6%