Description
Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action.
Remediation
References
Related Vulnerabilities
MySQL CVE-2024-21101 Vulnerability (CVE-2024-21101)
PHP Other Vulnerability (CVE-2007-1825)
WordPress Plugin CBX Petition for WordPress SQL Injection (1.0.3)
WordPress Plugin PHP Event Calendar for WordPress Arbitrary File Upload (1.6)
WordPress Plugin Time Sheets Multiple Cross-Site Scripting Vulnerabilities (1.5.1)