Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/contao/contao
Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. Code can be injected into the tl_log table, and it is then executed in the browser when the system log is opened in the back end.
Affected versions: all versions from 4.5.0 up to but not including 4.9.16, and all versions from 4.10.0 up to but not including 4.11.5.