CVE-2024-28234: Contao: Insufficient BBCode sanitizer
If BBCode is enabled for comments, users can inject CSS styles.
References
- contao.org/en/security-advisories/insufficient-bbcode-sanitization
- github.com/advisories/GHSA-j55w-hjpj-825g
- github.com/contao/contao
- github.com/contao/contao/commit/55b995d8d35da0d36bc6a22c53fe6423ab0c4ae2
- github.com/contao/contao/commit/6d42e667177c972ae7c219645593c262d7764ce2
- github.com/contao/contao/security/advisories/GHSA-j55w-hjpj-825g
- nvd.nist.gov/vuln/detail/CVE-2024-28234