2017/10/GHSA-m46p-ggm5-5j83 Rails vulnerable to Cross-site Scripting