{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-11-21T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "20111008 Contao 2.10.1 Cross-site scripting vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/520046/100/0/threaded"}, {"name": "[oss-security] 20111122 CVE-request: Contao 2.10.1 Cross-site scripting vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/11/21/30"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://dev.contao.org/projects/typolight/repository/revisions/1041"}, {"name": "[oss-security] 20111121 Re: CVE-request: Contao 2.10.1 Cross-site scripting vulnerability", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/11/22/1"}, {"tags": ["x_refsource_MISC"], "url": "http://www.rul3z.de/advisories/SSCHADV2011-025.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4335", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20111008 Contao 2.10.1 Cross-site scripting vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/520046/100/0/threaded"}, {"name": "[oss-security] 20111122 CVE-request: Contao 2.10.1 Cross-site scripting vulnerability", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/11/21/30"}, {"name": "http://dev.contao.org/projects/typolight/repository/revisions/1041", "refsource": "CONFIRM", "url": "http://dev.contao.org/projects/typolight/repository/revisions/1041"}, {"name": "[oss-security] 20111121 Re: CVE-request: Contao 2.10.1 Cross-site scripting vulnerability", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/11/22/1"}, {"name": "http://www.rul3z.de/advisories/SSCHADV2011-025.txt", "refsource": "MISC", "url": "http://www.rul3z.de/advisories/SSCHADV2011-025.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:01:51.590Z"}, "title": "CVE Program Container", "references": [{"name": "20111008 Contao 2.10.1 Cross-site scripting vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/520046/100/0/threaded"}, {"name": "[oss-security] 20111122 CVE-request: Contao 2.10.1 Cross-site scripting vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/11/21/30"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://dev.contao.org/projects/typolight/repository/revisions/1041"}, {"name": "[oss-security] 20111121 Re: CVE-request: Contao 2.10.1 Cross-site scripting vulnerability", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/11/22/1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.rul3z.de/advisories/SSCHADV2011-025.txt"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4335", "datePublished": "2011-11-28T11:00:00", "dateReserved": "2011-11-04T00:00:00", "dateUpdated": "2024-08-07T00:01:51.590Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:contao:contao_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BB0D70C-6C40-4777-A3BB-ACB66F57058C", "versionEndIncluding": "2.10.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E1F6555-C853-40A8-8935-7BD275DC610E", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.0:beta-rc1:*:*:*:*:*:*", "matchCriteriaId": "E210735D-9933-4F57-B9F8-32FC5673F115", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.0:beta-rc2:*:*:*:*:*:*", "matchCriteriaId": "40849DFD-C3E2-4283-A543-85B3435E9478", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.0:beta-rc3:*:*:*:*:*:*", "matchCriteriaId": "3513D755-3E0B-4997-A0FC-1A397C4BB393", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9E39F68B-98F8-411A-A805-6ECB7BA1F124", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E227A1DB-AD06-4379-8FB8-27563FB135DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B7710DFC-1A70-4C0C-BD78-673C6386FC0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8025EA3-434E-4BAC-BBEE-C4BA62A5E090", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "F302D73B-9529-4A39-8681-18707FCBEFA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5D0AFA4A-20AF-4BB5-AF4C-969293A5ED36", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "C906FF5E-9D05-4D3A-A4A2-86662354D5DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "E109C9DE-BD05-4554-B2DA-5A3CAE9FC02C", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "6334C150-BAED-4F30-BB49-3998EC7123DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "CB1C6C6D-6007-485D-A65E-C93FD019C10A", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "2498A85B-D23E-4821-A23A-D91D2D4C942E", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "C6CA97EE-C2F3-4D8C-B1FA-C62B238D0A30", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "150C302F-BE3B-4C4F-BA82-DDCD06311C74", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "963D5D8E-ED92-476F-A3B4-9F7C9834D487", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "DF7838C9-BB5E-4A12-AF93-9C59D2E165F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "2A53EE4A-E26E-47EC-8BDD-B1556142FA8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "532BEF96-0717-4086-9D97-B4306E816D05", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "DBC5564D-6430-4DB7-B9F2-387F9859F23E", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "BB7043C6-9744-4299-8EE1-917F6961E155", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "A8BD438B-73AB-43A3-B1A8-764BD389A514", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "B7F1B75E-945D-4A8D-BD36-A6932F640C14", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "A9369FB9-A8FE-4596-9ED8-570ECD00D844", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.1.22:*:*:*:*:*:*:*", "matchCriteriaId": "502BC608-01B9-41F4-8CC6-E38BBBF58848", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "F14AC319-F390-45CE-850E-C62B93855C94", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D7418CE4-3A95-47AC-86AB-4798C576FBF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "A0D3D968-2959-4CAA-807E-92E5E754E2D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "0F01BAF8-5DDD-4D07-B44B-98E9DDA763A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "0B5B777A-0808-4FCC-BC3A-4439F06133C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "A02D03D7-6424-4196-9910-7CF55B5DDB78", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "E417DAC1-DAC8-4B9D-9A8B-9ECA97D02CB4", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "F644DEDE-DC3A-4BCA-B47D-5ECE9D1D16F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "2C4D0369-0FC5-42E0-A314-3D95EA3A1BEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "C84259B3-FA0D-43AB-93F6-B56E39C16C11", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "1E7259D5-B95A-4776-BCC6-0EA728BAD8A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "571B4326-534A-4F13-917A-E70B189B48C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "A858A058-6C6F-4A55-8F75-7B5C4864FD76", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "66DAB15B-7C53-4F60-AB74-B447ACC89C5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "41D6B294-FC56-4F67-BDDC-D2BD843E7A88", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "0C5F21EE-0EF8-426B-88B6-2B8DAA29D2C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "3904DED0-9772-423D-B705-CC2DC622979E", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "E4ACD0CD-4E4B-4133-812A-69CF2221504E", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "7D828A2C-DA93-4CA9-AA4F-1B981FB42170", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.4.0:beta:*:*:*:*:*:*", "matchCriteriaId": "18FD90D0-0D81-4AA6-A0C6-FF5A0D612B3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "E3F87637-DD29-4F9D-9069-10DF72F893F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "539D1C67-4486-4278-A10F-4E47A1B6214A", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "8FC54491-D847-49F4-8477-C7223FEFDED8", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "DBA47797-CC87-4540-9988-EFB25416CBE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "8F0D3AD5-753F-4089-8F16-99A4E79717A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "2D75366F-5976-4088-9973-ADA2B826EAA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "CFABCCAE-0BE7-480E-B1EC-D5E8F991BE0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "ADC7A261-780D-41D4-9F61-80E7474C0247", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.5.0:beta:*:*:*:*:*:*", "matchCriteriaId": "8A170F03-D582-405C-8B22-2E3405989B99", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.5.0:beta-rc2:*:*:*:*:*:*", "matchCriteriaId": "F37147E6-795B-4C4B-AE9E-458D45272ED0", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "2D150167-00AC-416C-88C7-C901E80B096E", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "22CA6235-6D32-4C84-BF29-D8432F8403D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "3852AB7E-2CF7-42A5-80F9-D921FA311359", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "2FCCF09E-899D-4BDD-87F7-7D0866EDC06A", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "4A296368-5FFE-4037-A58E-FBC24783B7B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "E497999A-ACE7-47BC-A0C7-8F6A2CE25EAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "E841B29E-628A-4E77-AB59-32C222973252", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "C503BE53-AC21-4381-85B2-A9F73B0F68F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "93ABE05F-92E2-40FE-858A-D15B98B0677B", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E276325C-5B69-4A4B-B6ED-CEDB8D93AB0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.6.0:beta:*:*:*:*:*:*", "matchCriteriaId": "C8F7C378-3908-4151-BE03-2A8180A8FBFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.6.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "73844A9B-C6A0-4B5C-9A17-883A0624E30C", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "BC882715-1899-4AA2-85B7-082BFD186AD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "BC53C9EC-04D1-4C69-A6FC-C03E7CEB2A74", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "401C9B5D-2789-4F20-9F69-763EB9428C56", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "35AE8028-3B12-49FB-BCB4-F6F4614A7582", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "1BBDC8B4-88C6-4F90-8F98-B28C381598AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "10C0B8CB-B290-43C9-96ED-F3401F556339", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "3DB45B3B-C7FE-4B02-A7D4-F7DDAF988D89", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "E34758B1-BDAC-4277-A141-E54792414D15", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "711FA883-8573-4D82-8ABB-6CF57A375CCF", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "7EE97438-13F6-48A4-83FB-4B5A0953F5BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "6F6C1E95-ACA1-467C-B83C-D181A5C2E7E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "C10EFA4D-BC0A-47DA-BBF6-7CC7A71ABC62", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "CCBAA823-61A6-4A63-B348-5358152E02FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "F8432155-FC1D-454B-AADE-91845E4D4170", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D0A4BA44-4C22-448B-BB57-3B150309E7AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4FEFFCF5-60B3-4299-842C-736B5A0A9E66", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "0175BDCC-B3A5-48A7-AE77-AE9BBFCB292F", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "965280FF-E31E-4027-81AF-984DBB2D20C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C3DD8B58-4D71-4E24-A3BB-15FF14AC1ABD", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.8.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "2B900603-6D38-4602-94B4-6DB37BF0FC16", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.8.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "C3FA521A-6593-4A5B-A582-3E9DA804C973", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "16C95AAB-A346-43BE-B2ED-6D52835EDA2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "A7D0F246-7839-4DD7-A73F-64AD1CFCB643", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "4DA67F43-1CC3-42B1-84CB-6FD458B6EC81", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "018A50A3-E79C-4CDF-9AAD-60CB97A5141B", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "0ACCC146-D248-4199-9C60-B9499586C3A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.9.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "A762BEF8-C457-423C-A3A6-8ED49E503F8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "CC962AF4-4FA6-421A-8F9B-B425E1E48E0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D8973E6-02D9-4EDC-92FD-C8789851CE81", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "5948A9DB-8CD3-4AB6-BAD4-B1341F4E3C14", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "4D99A88B-01CD-4AED-9FF5-31DBE0513E29", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "EA9D573F-4426-4608-A1AB-DD169EC83CE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "47F48DCD-9AB8-4FD0-90B7-5CA8C54ED97A", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "6D359463-9BC3-451C-8576-2FEFC3123CC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.10.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "91581DD0-044A-41F4-B258-BFF8D3DC60E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:contao:contao_cms:2.10.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "BEBDD36E-D29F-4D95-81C9-4F51D8F47364", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action."}, {"lang": "es", "value": "Multiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en Contao antes de la versi\u00f3n v2.10.2 permiten a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de la variable par\u00e1metro PATH_INFO a index.php en una acci\u00f3n (1) teachers.html \u00f3 (2) teachers/ acci\u00f3n."}], "id": "CVE-2011-4335", "lastModified": "2024-11-21T01:32:15.513", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-11-28T11:55:10.313", "references": [{"source": "secalert@redhat.com", "url": "http://dev.contao.org/projects/typolight/repository/revisions/1041"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/11/21/30"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/11/22/1"}, {"source": "secalert@redhat.com", "url": "http://www.rul3z.de/advisories/SSCHADV2011-025.txt"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/520046/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://dev.contao.org/projects/typolight/repository/revisions/1041"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/11/21/30"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/11/22/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.rul3z.de/advisories/SSCHADV2011-025.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/520046/100/0/threaded"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}