CVE-2021-35210

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/contao/contao

Identifiers

GHSA-h58v-c6rf-g9f7, CVE-2021-35210

Package Slug

packagist/contao/contao

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end.

Affected Versions

All versions from 4.5.0 up to, but not including, 4.9.16; all versions from 4.10.0 up to, but not including, 4.11.5

Solution

Upgrade to version 4.9.16, 4.11.5, or later.

Last Modified

2024-02-05
