Description
Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers.
Remediation
References
Related Vulnerabilities
MyBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-3579)
WordPress Plugin Smart Slider 2 Multiple Cross-Site Scripting Vulnerabilities (2.3.11)
WordPress Plugin FCChat Widget 'Upload.php' Arbitrary File Upload (2.2.13.1)
WordPress Plugin GeSHi Source Colorer Cross-Site Scripting (0.13)