Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-4335: Cross-site Scripting in CMS

Severity
4.3 MEDIUM (NVD)
EPSS
0.4%
top 37.33%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Nov 28
Latest update: May 14

Description

Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages: 1 package

NVD: contao/contao_cms 2.10.1 +89

🔴 Vulnerability Details

2
GHSA
GHSA-cmq8-7f55-mqpv: Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2 (2022-05-14)
CVEList
CVE-2011-4335: Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2 (2011-11-28)

💥 Exploits & PoCs

2
Exploit-DB
ContaoCMS 2.10.1 - Cross-Site Scripting (2011-10-02)
Exploit-DB
CakePHP 1.3.5/1.2.8 - Cache Corruption (Metasploit) (2011-01-14)