CVE-2021-35955
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/contao/contao
Identifiers
GHSA-hr3h-x6gq-rqcp, CVE-2021-35955
Package Slug
packagist/contao/contao
Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description
Contao >=4.0.0 allows backend XSS via HTML attributes to an HTML field. Fixed in 4.4.56, 4.9.18, 4.11.7.
Affected Versions
All versions starting from 4.0.0 before 4.4.56, all versions starting from 4.5.0 before 4.9.18, all versions starting from 4.10.0 before 4.11.7
Solution
Upgrade to versions 4.4.56, 4.9.18, 4.11.7 or above.
Last Modified
2024-02-05
| source |