Incorrect handling of certain characters passed to the redirection functionality in Rails can lead to a single-click XSS vulnerability.