Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting (XSS) vulnerability in system/modules/comments/Comments.php in Contao CMS 2.9.2, and possibly other versions before 2.9.3, allows remote attackers to inject arbitrary web script or HTML via the HTTP X_FORWARDED_FOR header, which is stored by system/libraries/Environment.php but not properly handled by a comments action to main.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Contao CMS system/modules/comments/Comments.php文件跨站脚本攻击漏洞
Vulnerability Description
Contao是一套采用PHP开发的开源内容管理系统(CMS)。该系统支持搜索引擎、权限管理和CSS框架等。 Contao CMS 2.9.2版本,也可能在2.9.3之前的其他版本中的system/modules/comments/Comments.php文件中存在跨站脚本攻击漏洞。远程攻击者可以借助HTTP X_FORWARDED_FOR头(由system/libraries/Environment.php存储,但没有经过对main.php的comments操作的正确处理)注入任意web脚本或者HTML。
CVSS Information
N/A
Vulnerability Type
N/A