Description
Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052.
Remediation
References