Description

Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action.

Remediation

References

CVE-2011-4335

Related Vulnerabilities

WordPress Plugin WP Safe Search 'v1' Parameter Cross-Site Scripting (0.7)

Serendipity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-1386)

Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2021-21018)

WordPress Plugin SiteGround Security Security Bypass (1.2.4)

OpenSSL CVE-2021-4160 Vulnerability (CVE-2021-4160)

Severity

Medium

Classification

CVE-2011-4335 CWE-707

Tags

Missing Update Known Vulnerabilities