FKIE_CVE-2011-4335
Vulnerability from fkie_nvd - Published: 2011-11-28 11:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:contao:contao_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BB0D70C-6C40-4777-A3BB-ACB66F57058C",
"versionEndIncluding": "2.10.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1E1F6555-C853-40A8-8935-7BD275DC610E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.0:beta-rc1:*:*:*:*:*:*",
"matchCriteriaId": "E210735D-9933-4F57-B9F8-32FC5673F115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.0:beta-rc2:*:*:*:*:*:*",
"matchCriteriaId": "40849DFD-C3E2-4283-A543-85B3435E9478",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.0:beta-rc3:*:*:*:*:*:*",
"matchCriteriaId": "3513D755-3E0B-4997-A0FC-1A397C4BB393",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E39F68B-98F8-411A-A805-6ECB7BA1F124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E227A1DB-AD06-4379-8FB8-27563FB135DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B7710DFC-1A70-4C0C-BD78-673C6386FC0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D8025EA3-434E-4BAC-BBEE-C4BA62A5E090",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F302D73B-9529-4A39-8681-18707FCBEFA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5D0AFA4A-20AF-4BB5-AF4C-969293A5ED36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C906FF5E-9D05-4D3A-A4A2-86662354D5DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E109C9DE-BD05-4554-B2DA-5A3CAE9FC02C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6334C150-BAED-4F30-BB49-3998EC7123DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CB1C6C6D-6007-485D-A65E-C93FD019C10A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2498A85B-D23E-4821-A23A-D91D2D4C942E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CA97EE-C2F3-4D8C-B1FA-C62B238D0A30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "150C302F-BE3B-4C4F-BA82-DDCD06311C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "963D5D8E-ED92-476F-A3B4-9F7C9834D487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DF7838C9-BB5E-4A12-AF93-9C59D2E165F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "2A53EE4A-E26E-47EC-8BDD-B1556142FA8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "532BEF96-0717-4086-9D97-B4306E816D05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DBC5564D-6430-4DB7-B9F2-387F9859F23E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "BB7043C6-9744-4299-8EE1-917F6961E155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "A8BD438B-73AB-43A3-B1A8-764BD389A514",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "B7F1B75E-945D-4A8D-BD36-A6932F640C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "A9369FB9-A8FE-4596-9ED8-570ECD00D844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "502BC608-01B9-41F4-8CC6-E38BBBF58848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F14AC319-F390-45CE-850E-C62B93855C94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D7418CE4-3A95-47AC-86AB-4798C576FBF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0D3D968-2959-4CAA-807E-92E5E754E2D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0F01BAF8-5DDD-4D07-B44B-98E9DDA763A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B5B777A-0808-4FCC-BC3A-4439F06133C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A02D03D7-6424-4196-9910-7CF55B5DDB78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E417DAC1-DAC8-4B9D-9A8B-9ECA97D02CB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F644DEDE-DC3A-4BCA-B47D-5ECE9D1D16F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4D0369-0FC5-42E0-A314-3D95EA3A1BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C84259B3-FA0D-43AB-93F6-B56E39C16C11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7259D5-B95A-4776-BCC6-0EA728BAD8A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "571B4326-534A-4F13-917A-E70B189B48C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A858A058-6C6F-4A55-8F75-7B5C4864FD76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66DAB15B-7C53-4F60-AB74-B447ACC89C5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "41D6B294-FC56-4F67-BDDC-D2BD843E7A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5F21EE-0EF8-426B-88B6-2B8DAA29D2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3904DED0-9772-423D-B705-CC2DC622979E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E4ACD0CD-4E4B-4133-812A-69CF2221504E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7D828A2C-DA93-4CA9-AA4F-1B981FB42170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.4.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "18FD90D0-0D81-4AA6-A0C6-FF5A0D612B3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3F87637-DD29-4F9D-9069-10DF72F893F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "539D1C67-4486-4278-A10F-4E47A1B6214A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC54491-D847-49F4-8477-C7223FEFDED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA47797-CC87-4540-9988-EFB25416CBE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8F0D3AD5-753F-4089-8F16-99A4E79717A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2D75366F-5976-4088-9973-ADA2B826EAA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CFABCCAE-0BE7-480E-B1EC-D5E8F991BE0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ADC7A261-780D-41D4-9F61-80E7474C0247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "8A170F03-D582-405C-8B22-2E3405989B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.0:beta-rc2:*:*:*:*:*:*",
"matchCriteriaId": "F37147E6-795B-4C4B-AE9E-458D45272ED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D150167-00AC-416C-88C7-C901E80B096E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "22CA6235-6D32-4C84-BF29-D8432F8403D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3852AB7E-2CF7-42A5-80F9-D921FA311359",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FCCF09E-899D-4BDD-87F7-7D0866EDC06A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4A296368-5FFE-4037-A58E-FBC24783B7B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E497999A-ACE7-47BC-A0C7-8F6A2CE25EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E841B29E-628A-4E77-AB59-32C222973252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C503BE53-AC21-4381-85B2-A9F73B0F68F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "93ABE05F-92E2-40FE-858A-D15B98B0677B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E276325C-5B69-4A4B-B6ED-CEDB8D93AB0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "C8F7C378-3908-4151-BE03-2A8180A8FBFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "73844A9B-C6A0-4B5C-9A17-883A0624E30C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC882715-1899-4AA2-85B7-082BFD186AD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BC53C9EC-04D1-4C69-A6FC-C03E7CEB2A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "401C9B5D-2789-4F20-9F69-763EB9428C56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "35AE8028-3B12-49FB-BCB4-F6F4614A7582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBDC8B4-88C6-4F90-8F98-B28C381598AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "10C0B8CB-B290-43C9-96ED-F3401F556339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB45B3B-C7FE-4B02-A7D4-F7DDAF988D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E34758B1-BDAC-4277-A141-E54792414D15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "711FA883-8573-4D82-8ABB-6CF57A375CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7EE97438-13F6-48A4-83FB-4B5A0953F5BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6F6C1E95-ACA1-467C-B83C-D181A5C2E7E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C10EFA4D-BC0A-47DA-BBF6-7CC7A71ABC62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CCBAA823-61A6-4A63-B348-5358152E02FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8432155-FC1D-454B-AADE-91845E4D4170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A4BA44-4C22-448B-BB57-3B150309E7AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4FEFFCF5-60B3-4299-842C-736B5A0A9E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0175BDCC-B3A5-48A7-AE77-AE9BBFCB292F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "965280FF-E31E-4027-81AF-984DBB2D20C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C3DD8B58-4D71-4E24-A3BB-15FF14AC1ABD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.8.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2B900603-6D38-4602-94B4-6DB37BF0FC16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.8.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C3FA521A-6593-4A5B-A582-3E9DA804C973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16C95AAB-A346-43BE-B2ED-6D52835EDA2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D0F246-7839-4DD7-A73F-64AD1CFCB643",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA67F43-1CC3-42B1-84CB-6FD458B6EC81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "018A50A3-E79C-4CDF-9AAD-60CB97A5141B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0ACCC146-D248-4199-9C60-B9499586C3A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.9.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "A762BEF8-C457-423C-A3A6-8ED49E503F8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "CC962AF4-4FA6-421A-8F9B-B425E1E48E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4D8973E6-02D9-4EDC-92FD-C8789851CE81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5948A9DB-8CD3-4AB6-BAD4-B1341F4E3C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D99A88B-01CD-4AED-9FF5-31DBE0513E29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9D573F-4426-4608-A1AB-DD169EC83CE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "47F48DCD-9AB8-4FD0-90B7-5CA8C54ED97A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D359463-9BC3-451C-8576-2FEFC3123CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.10.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "91581DD0-044A-41F4-B258-BFF8D3DC60E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao_cms:2.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BEBDD36E-D29F-4D95-81C9-4F51D8F47364",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action."
},
{
"lang": "es",
"value": "Multiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en Contao antes de la versi\u00f3n v2.10.2 permiten a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de la variable par\u00e1metro PATH_INFO a index.php en una acci\u00f3n (1) teachers.html \u00f3 (2) teachers/ acci\u00f3n."
}
],
"id": "CVE-2011-4335",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-11-28T11:55:10.313",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://dev.contao.org/projects/typolight/repository/revisions/1041"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/11/21/30"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/11/22/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.rul3z.de/advisories/SSCHADV2011-025.txt"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/520046/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://dev.contao.org/projects/typolight/repository/revisions/1041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/11/21/30"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/11/22/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.rul3z.de/advisories/SSCHADV2011-025.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/520046/100/0/threaded"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…