CVE-2011-1497
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2011-1497
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Rails 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Rails是Rails团队的一套基于Ruby语言的开源Web应用框架。 Rails 3.0.6之前版本的auto_link函数存在跨站脚本漏洞,目前尚无此漏洞的更多信息,请随时关注CNNVD或厂商公告。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | rails | rails 3.0.6 | - |
II. Public POCs for CVE-2011-1497
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2011-1497
Please Login to view more intelligence information
- https://www.openwall.com/lists/oss-security/2011/04/06/13x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2011-1497
Same Patch Batch · n/a · 2021-10-19 · 11 CVEs total
| CVE-2021-35323 | Bludit 跨站脚本漏洞 | |
| CVE-2021-33988 | Microweber 跨站脚本漏洞 | |
| CVE-2020-12141 | Contiki 缓冲区错误漏洞 | |
| CVE-2021-27001 | Netapp Clustered Data ONTAP 安全漏洞 | |
| CVE-2021-26589 | HPE Superdome Flex Server 跨站脚本漏洞 | |
| CVE-2011-1075 | FreeBSD 竞争条件问题漏洞 | |
| CVE-2021-3746 | Archlinux libtpms 缓冲区错误漏洞 | |
| CVE-2021-30358 | Check Point Mobile Access 操作系统命令注入漏洞 | |
| CVE-2021-36512 | Synchronet BBS 安全漏洞 | |
| CVE-2021-42261 | Revisor Video Management System 路径遍历漏洞 |
IV. Related Vulnerabilities
Same product: rails
- CVE-2025-55193
Active Record logging vulnerable to ANSI escape injection - CVE-2024-54133
Possible Content Security Policy bypass in Action Dispatch - CVE-2024-47889
Action Mailer has possible ReDoS vulnerability in block_form - CVE-2024-47888
Action Text has possible ReDoS vulnerability in plain_text_f - CVE-2024-47887
Action Controller has possible ReDoS vulnerability in HTTP T
Same vendor: n/a
- CVE-2026-8193
Akaunting Invoice PDF Rendering dompdf.php server-side reque - CVE-2026-8186
Open5GS NF client.c ogs_sbi_client_send_via_scp_or_sepp out- - CVE-2026-8187
Open5GS UPF gtp-path.c _gtpv1_u_recv_cb resource consumption - CVE-2026-6667
PgBouncer missing authorization check in KILL_CLIENT admin c - CVE-2026-6666
PgBouncer crash in kill_pool_logins_server_error
Same weakness: CWE-79
- CVE-2026-42455
LinkWarden: Stored XSS via Client-Side Archive Upload (Unsan - CVE-2026-42451
Grimmory: Stored XSS via Malicious EPUB Enables Session Toke - CVE-2026-42556
Postiz stored XSS in public preview page - CVE-2026-42224
ipl/web is vulnerable to reflected XSS by malformed search r - CVE-2026-42192
Plunk: Stored XSS in campaign view
V. Comments for CVE-2011-1497
No comments yet