GHSA-hr3h-x6gq-rqcp, CVE-2021-35955
packagist/contao/contao
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Contao >=4.0.0 allows backend XSS via HTML attributes to an HTML field. Fixed in 4.4.56, 4.9.18, 4.11.7.
All versions starting from 4.0.0 before 4.4.56, all versions starting from 4.5.0 before 4.9.18, all versions starting from 4.10.0 before 4.11.7
Upgrade to versions 4.4.56, 4.9.18, 4.11.7 or above.
2024-02-05
source |