An update for rh-ror41-rubygem-actionview is now available for Red Hat Software Collections.
It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting (XSS) attack. (CVE-2016-6316)
Successful exploitation allows a remote attacker to conduct cross-site scripting attacks against a targeted system.
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2016:1856 to address this issue and obtain more information.
Following are links for downloading patches to fix the vulnerabilities: