CVE-2018-10125: XSS in system log of back end

April 18, 2018

There’s a Cross-Site Scripting (XSS) vulnerability in system log of back end. With a manipulated request, an attacker can implant a script which is executed when a logged in back end user opens the system log. The attacker themselves does not have to be logged in.

References

contao.org/en/news/contao-4_4_18.html

Detect and mitigate CVE-2018-10125 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →