CVE - CVE-2011-0508

CVE-ID
CVE-2011-0508	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Cross-site scripting (XSS) vulnerability in system/modules/comments/Comments.php in Contao CMS 2.9.2, and possibly other versions before 2.9.3, allows remote attackers to inject arbitrary web script or HTML via the HTTP X_FORWARDED_FOR header, which is stored by system/libraries/Environment.php but not properly handled by a comments action to main.php.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20110112 [MajorSecurity SA-081]Contao CMS 2.9.2 - Persistent Cross Site Scripting Issue URL:http://www.securityfocus.com/archive/1/515691/100/0/threaded CONFIRM:http://dev.contao.org/issues/2751 CONFIRM:http://www.contao.org/changelog.html CONFIRM:http://www.contao.org/news/items/contao-2_9_3.html OSVDB:70440 URL:~~http://www.osvdb.org/70440~~ (Obsolete source) SECUNIA:42899 URL:http://secunia.com/advisories/42899 XF:contao-xforwardedfor-xss(64679) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64679
Assigning CNA
MITRE Corporation
Date Record Created
20110120	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20110120)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)