CVE-2013-6416

Name of the Vulnerable Software and Affected Versions Ruby on Rails versions 4.0.0 through 4.0.1

Description A cross-site scripting (XSS) issue exists in the simple format helper, located in actionpack/lib/action view/helpers/text helper.rb, allowing remote attackers to inject arbitrary web script or HTML via a crafted HTML attribute. This enables attackers to execute malicious scripts on the client-side.

Recommendations For Ruby on Rails versions 4.0.0 through 4.0.1, update to version 4.0.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the simple format helper until a patch is applied.