Description A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6. Remediation References CVE-2011-1497 Related Vulnerabilities WordPress Plugin Catch Themes Demo Import Arbitrary File Upload (1.7) MediaWiki Improper Privilege Management Vulnerability (CVE-2020-10534) Lighttpd Use After Free Vulnerability (CVE-2013-4560) WordPress Plugin Contus HD FLV Player 'uploadVideo.php' Arbitrary File Upload (1.7) PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-4542) Severity Medium Classification CVE-2011-1497 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities