CVE-2011-4335

Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
VendorProductVersion
contaocontao_cms
𝑥
≤ 2.10.1
contaocontao_cms
2.0
contaocontao_cms
2.0:beta-rc1
contaocontao_cms
2.0:beta-rc2
contaocontao_cms
2.0:beta-rc3
contaocontao_cms
2.1.0
contaocontao_cms
2.1.1
contaocontao_cms
2.1.2
contaocontao_cms
2.1.3
contaocontao_cms
2.1.4
contaocontao_cms
2.1.5
contaocontao_cms
2.1.6
contaocontao_cms
2.1.7
contaocontao_cms
2.1.8
contaocontao_cms
2.1.9
contaocontao_cms
2.1.10
contaocontao_cms
2.1.11
contaocontao_cms
2.1.12
contaocontao_cms
2.1.13
contaocontao_cms
2.1.14
contaocontao_cms
2.1.15
contaocontao_cms
2.1.16
contaocontao_cms
2.1.17
contaocontao_cms
2.1.18
contaocontao_cms
2.1.19
contaocontao_cms
2.1.20
contaocontao_cms
2.1.21
contaocontao_cms
2.1.22
contaocontao_cms
2.2.0
contaocontao_cms
2.2.1
contaocontao_cms
2.2.2
contaocontao_cms
2.2.3
contaocontao_cms
2.2.4
contaocontao_cms
2.2.5
contaocontao_cms
2.2.6
contaocontao_cms
2.2.7
contaocontao_cms
2.2.8
contaocontao_cms
2.2.9
contaocontao_cms
2.2.10
contaocontao_cms
2.2.11
contaocontao_cms
2.2.12
contaocontao_cms
2.3.0
contaocontao_cms
2.3.1
contaocontao_cms
2.3.2
contaocontao_cms
2.3.3
contaocontao_cms
2.3.4
contaocontao_cms
2.4.0
contaocontao_cms
2.4.0:beta
contaocontao_cms
2.4.1
contaocontao_cms
2.4.2
contaocontao_cms
2.4.3
contaocontao_cms
2.4.4
contaocontao_cms
2.4.5
contaocontao_cms
2.4.6
contaocontao_cms
2.4.7
contaocontao_cms
2.5.0
contaocontao_cms
2.5.0:beta
contaocontao_cms
2.5.0:beta-rc2
contaocontao_cms
2.5.1
contaocontao_cms
2.5.2
contaocontao_cms
2.5.3
contaocontao_cms
2.5.4
contaocontao_cms
2.5.5
contaocontao_cms
2.5.6
contaocontao_cms
2.5.7
contaocontao_cms
2.5.8
contaocontao_cms
2.5.9
contaocontao_cms
2.6.0
contaocontao_cms
2.6.0:beta
contaocontao_cms
2.6.0:beta2
contaocontao_cms
2.6.1
contaocontao_cms
2.6.2
contaocontao_cms
2.6.3
contaocontao_cms
2.6.4
contaocontao_cms
2.6.5
contaocontao_cms
2.6.6
contaocontao_cms
2.6.7
contaocontao_cms
2.6.8
contaocontao_cms
2.7.0
contaocontao_cms
2.7.0:rc1
contaocontao_cms
2.7.0:rc2
contaocontao_cms
2.7.1
contaocontao_cms
2.7.2
contaocontao_cms
2.7.3
contaocontao_cms
2.7.4
contaocontao_cms
2.7.5
contaocontao_cms
2.7.6
contaocontao_cms
2.7.7
contaocontao_cms
2.8.0
contaocontao_cms
2.8.0:rc1
contaocontao_cms
2.8.0:rc2
contaocontao_cms
2.8.1
contaocontao_cms
2.8.2
contaocontao_cms
2.8.3
contaocontao_cms
2.8.4
contaocontao_cms
2.9.0
contaocontao_cms
2.9.0:beta1
contaocontao_cms
2.9.0:rc1
contaocontao_cms
2.9.1
contaocontao_cms
2.9.2
contaocontao_cms
2.9.3
contaocontao_cms
2.9.4
contaocontao_cms
2.9.5
contaocontao_cms
2.10.0
contaocontao_cms
2.10.0:beta1
contaocontao_cms
2.10.0:rc1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://dev.contao.org/projects/typolight/repository/revisions/1041
http://openwall.com/lists/oss-security/2011/11/21/30
http://openwall.com/lists/oss-security/2011/11/22/1
http://www.rul3z.de/advisories/SSCHADV2011-025.txt
http://www.securityfocus.com/archive/1/520046/100/0/threaded
http://dev.contao.org/projects/typolight/repository/revisions/1041
http://openwall.com/lists/oss-security/2011/11/21/30
http://openwall.com/lists/oss-security/2011/11/22/1
http://www.rul3z.de/advisories/SSCHADV2011-025.txt
http://www.securityfocus.com/archive/1/520046/100/0/threaded