Unrated severity · NVD Advisory · Published Jan 20, 2011 · Updated Jun 16, 2026
CVE-2011-0508
Description
Cross-site scripting (XSS) vulnerability in system/modules/comments/Comments.php in Contao CMS 2.9.2, and possibly other versions before 2.9.3, allows remote attackers to inject arbitrary web script or HTML via the HTTP X_FORWARDED_FOR header, which is stored by system/libraries/Environment.php but not properly handled by a comments action to main.php.
References
- www.contao.org/changelog.html (NVD; Patch)
- www.contao.org/news/items/contao-2_9_3.html (NVD; Patch, Vendor Advisory)
- secunia.com/advisories/42899 (NVD; Vendor Advisory)
- dev.contao.org/issues/2751 (NVD)
- www.osvdb.org/70440 (NVD)
- www.securityfocus.com/archive/1/515691/100/0/threaded (NVD)
- exchange.xforce.ibmcloud.com/vulnerabilities/64679 (NVD)