Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action.
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Contao | Contao CMS | <= 2.10.1 |
Related Weaknesses (CWE)
References
- http://dev.contao.org/projects/typolight/repository/revisions/1041
- http://openwall.com/lists/oss-security/2011/11/21/30
- http://openwall.com/lists/oss-security/2011/11/22/1
- http://www.rul3z.de/advisories/SSCHADV2011-025.txt
- http://www.securityfocus.com/archive/1/520046/100/0/threaded
FAQ
What is CVE-2011-4335?
CVE-2011-4335 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) t...
How severe is CVE-2011-4335?
CVE-2011-4335 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4335?
Check the references section above for vendor advisories and patch information. Affected products include: Contao Contao CMS.