Vulnerability details: VCID-5pfg-7ntp-eff4
Vulnerability ID VCID-5pfg-7ntp-eff4
Aliases CVE-2011-4319
GHSA-xxr8-833v-c7wc
OSV-77199
Summary Cross-site Scripting vulnerability in i18n translations helper method. Cross-site scripting (XSS) vulnerability in the i18n translations helper method in Ruby on Rails 3.0.x before 3.0.11 and 3.1.x before 3.1.2, and the rails_xss plugin in Ruby on Rails 2.3.x, allows remote attackers to inject arbitrary web script or HTML via vectors related to a translations string whose name ends with an "html" substring.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
System Score Found at
generic_textual MODERATE http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5?pli=1
generic_textual MODERATE http://groups.google.com/group/rubyonrails-security/msg/c65c24fbc4b6dd82?dmode=source&output=gplain
generic_textual MODERATE http://openwall.com/lists/oss-security/2011/11/18/8
epss 0.00607 https://api.first.org/data/v1/epss?cve=CVE-2011-4319
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/71364
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-xxr8-833v-c7wc
generic_textual MODERATE https://github.com/rails/rails
generic_textual MODERATE https://github.com/rails/rails/commit/2d5b105d4bcb652550dda8b5613376d1b8beb70c
generic_textual MODERATE https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade
generic_textual MODERATE https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-4319.yml
generic_textual MODERATE https://groups.google.com/forum/#!topic/rubyonrails-security/K2HXD7c8fMU
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2011-4319
generic_textual MODERATE https://web.archive.org/web/20200228155840/http://www.securityfocus.com/bid/50722
generic_textual MODERATE https://web.archive.org/web/20210307005941/http://www.securitytracker.com/id?1026342
generic_textual MODERATE http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released
generic_textual MODERATE http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released
Reference id Reference type URL
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5?pli=1
http://groups.google.com/group/rubyonrails-security/msg/c65c24fbc4b6dd82?dmode=source&output=gplain
http://openwall.com/lists/oss-security/2011/11/18/8
http://osvdb.org/77199
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4319.json
https://api.first.org/data/v1/epss?cve=CVE-2011-4319
https://exchange.xforce.ibmcloud.com/vulnerabilities/71364
https://github.com/rails/rails
https://github.com/rails/rails/commit/2d5b105d4bcb652550dda8b5613376d1b8beb70c
https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade
https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade#diff-79e8a3e6d1d2808c4f93f63b3928a5a1
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-4319.yml
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-77199.yml
https://groups.google.com/forum/#!topic/rubyonrails-security/K2HXD7c8fMU
https://nvd.nist.gov/vuln/detail/CVE-2011-4319
https://web.archive.org/web/20200228155840/http://www.securityfocus.com/bid/50722
https://web.archive.org/web/20210307005941/http://www.securitytracker.com/id?1026342
http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released
http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released
http://www.securityfocus.com/bid/50722
http://www.securitytracker.com/id?1026342
755004 https://bugzilla.redhat.com/show_bug.cgi?id=755004
GHSA-xxr8-833v-c7wc https://github.com/advisories/GHSA-xxr8-833v-c7wc
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.70015
EPSS Score 0.00607
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T08:57:05.703668+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-xxr8-833v-c7wc/GHSA-xxr8-833v-c7wc.json 38.6.0