漏洞类别:Local
漏洞等级: 
漏洞信息
An update for rh-ror41-rubygem-actionview is now available for Red Hat Software Collections.
It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting (XSS) attack. (CVE-2016-6316)
漏洞危害
Successful exploitation allows a remote attacker to conduct cross-site scripting attacks against a targeted system.
解决方案
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2016:1856 to address this issue and obtain more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论