Lucene search
HistoryNov 28, 2011 - 11:55 a.m.
CVE-2011-4335
cve-2011-4335
contao
xss
vulnerabilities
web script
html
nvd
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.8 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
71.4%
Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action.
Affected configurations
Node
contaocontao_cmsRange≤2.10.1
ORcontaocontao_cmsMatch2.0
ORcontaocontao_cmsMatch2.0beta-rc1
ORcontaocontao_cmsMatch2.0beta-rc2
ORcontaocontao_cmsMatch2.0beta-rc3
ORcontaocontao_cmsMatch2.1.0
ORcontaocontao_cmsMatch2.1.1
ORcontaocontao_cmsMatch2.1.2
ORcontaocontao_cmsMatch2.1.3
ORcontaocontao_cmsMatch2.1.4
ORcontaocontao_cmsMatch2.1.5
ORcontaocontao_cmsMatch2.1.6
ORcontaocontao_cmsMatch2.1.7
ORcontaocontao_cmsMatch2.1.8
ORcontaocontao_cmsMatch2.1.9
ORcontaocontao_cmsMatch2.1.10
ORcontaocontao_cmsMatch2.1.11
ORcontaocontao_cmsMatch2.1.12
ORcontaocontao_cmsMatch2.1.13
ORcontaocontao_cmsMatch2.1.14
ORcontaocontao_cmsMatch2.1.15
ORcontaocontao_cmsMatch2.1.16
ORcontaocontao_cmsMatch2.1.17
ORcontaocontao_cmsMatch2.1.18
ORcontaocontao_cmsMatch2.1.19
ORcontaocontao_cmsMatch2.1.20
ORcontaocontao_cmsMatch2.1.21
ORcontaocontao_cmsMatch2.1.22
ORcontaocontao_cmsMatch2.2.0
ORcontaocontao_cmsMatch2.2.1
ORcontaocontao_cmsMatch2.2.2
ORcontaocontao_cmsMatch2.2.3
ORcontaocontao_cmsMatch2.2.4
ORcontaocontao_cmsMatch2.2.5
ORcontaocontao_cmsMatch2.2.6
ORcontaocontao_cmsMatch2.2.7
ORcontaocontao_cmsMatch2.2.8
ORcontaocontao_cmsMatch2.2.9
ORcontaocontao_cmsMatch2.2.10
ORcontaocontao_cmsMatch2.2.11
ORcontaocontao_cmsMatch2.2.12
ORcontaocontao_cmsMatch2.3.0
ORcontaocontao_cmsMatch2.3.1
ORcontaocontao_cmsMatch2.3.2
ORcontaocontao_cmsMatch2.3.3
ORcontaocontao_cmsMatch2.3.4
ORcontaocontao_cmsMatch2.4.0
ORcontaocontao_cmsMatch2.4.0beta
ORcontaocontao_cmsMatch2.4.1
ORcontaocontao_cmsMatch2.4.2
ORcontaocontao_cmsMatch2.4.3
ORcontaocontao_cmsMatch2.4.4
ORcontaocontao_cmsMatch2.4.5
ORcontaocontao_cmsMatch2.4.6
ORcontaocontao_cmsMatch2.4.7
ORcontaocontao_cmsMatch2.5.0
ORcontaocontao_cmsMatch2.5.0beta
ORcontaocontao_cmsMatch2.5.0beta-rc2
ORcontaocontao_cmsMatch2.5.1
ORcontaocontao_cmsMatch2.5.2
ORcontaocontao_cmsMatch2.5.3
ORcontaocontao_cmsMatch2.5.4
ORcontaocontao_cmsMatch2.5.5
ORcontaocontao_cmsMatch2.5.6
ORcontaocontao_cmsMatch2.5.7
ORcontaocontao_cmsMatch2.5.8
ORcontaocontao_cmsMatch2.5.9
ORcontaocontao_cmsMatch2.6.0
ORcontaocontao_cmsMatch2.6.0beta
ORcontaocontao_cmsMatch2.6.0beta2
ORcontaocontao_cmsMatch2.6.1
ORcontaocontao_cmsMatch2.6.2
ORcontaocontao_cmsMatch2.6.3
ORcontaocontao_cmsMatch2.6.4
ORcontaocontao_cmsMatch2.6.5
ORcontaocontao_cmsMatch2.6.6
ORcontaocontao_cmsMatch2.6.7
ORcontaocontao_cmsMatch2.6.8
ORcontaocontao_cmsMatch2.7.0
ORcontaocontao_cmsMatch2.7.0rc1
ORcontaocontao_cmsMatch2.7.0rc2
ORcontaocontao_cmsMatch2.7.1
ORcontaocontao_cmsMatch2.7.2
ORcontaocontao_cmsMatch2.7.3
ORcontaocontao_cmsMatch2.7.4
ORcontaocontao_cmsMatch2.7.5
ORcontaocontao_cmsMatch2.7.6
ORcontaocontao_cmsMatch2.7.7
ORcontaocontao_cmsMatch2.8.0
ORcontaocontao_cmsMatch2.8.0rc1
ORcontaocontao_cmsMatch2.8.0rc2
ORcontaocontao_cmsMatch2.8.1
ORcontaocontao_cmsMatch2.8.2
ORcontaocontao_cmsMatch2.8.3
ORcontaocontao_cmsMatch2.8.4
ORcontaocontao_cmsMatch2.9.0
ORcontaocontao_cmsMatch2.9.0beta1
ORcontaocontao_cmsMatch2.9.0rc1
ORcontaocontao_cmsMatch2.9.1
ORcontaocontao_cmsMatch2.9.2
ORcontaocontao_cmsMatch2.9.3
ORcontaocontao_cmsMatch2.9.4
ORcontaocontao_cmsMatch2.9.5
ORcontaocontao_cmsMatch2.10.0
ORcontaocontao_cmsMatch2.10.0beta1
ORcontaocontao_cmsMatch2.10.0rc1
Related
openvas
openvas
Contao CMS Cross-Site Scripting Vulnerability
2011-12-02 00:00:00
Contao CMS Cross-Site Scripting Vulnerability
2011-12-02 00:00:00
cvelist
cvelist
CVE-2011-4335
2011-11-28 11:00:00
nvd
nvd
CVE-2011-4335
2011-11-28 11:55:10
prion
prion
Cross site scripting
2011-11-28 11:55:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.8 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
71.4%
Related for CVE-2011-4335