Description
Cross-site scripting (XSS) vulnerability in the simple_format helper in actionpack/lib/action_view/helpers/text_helper.rb in Ruby on Rails 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML attribute.
Remediation
References