Description
Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Front-End Repository Manager Arbitrary File Upload (1.1)
Cherokee NULL Pointer Dereference Vulnerability (CVE-2020-12845)
Drupal Core 5.x Local File Inclusion (5.0 - 5.11)
WordPress Plugin Nextend Google Connect Unspecified Vulnerability (1.5.3)
WordPress Plugin WP Cerber Security, Anti-spam & Malware Scan Cross-Site Scripting (9.1)