Description

Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action.

Remediation

References

CVE-2011-4335

Related Vulnerabilities

Microsoft SQL Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-5090)

Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2022-29933)

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2016-3690)

PHP Out-of-bounds Write Vulnerability (CVE-2022-31627)

Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.3)

Severity

Medium

Classification

CVE-2011-4335 CWE-707

Tags

Missing Update Known Vulnerabilities