Description
Cross-site scripting (XSS) vulnerability in the simple_format helper in actionpack/lib/action_view/helpers/text_helper.rb in Ruby on Rails 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML attribute.
Remediation
References