contao / Contao org / CONTAO:CROSS-SITE-SCRIPTING-IN-THE-SYSTEM-LOG
Apr 18, 2018 - 12:00 a.m.

Cross site scripting in the system log

2018-04-18 00:00:00
Contao org
contao.org
3

EPSS: 0.001 (Low), percentile 33.6%

Date: 2018-04-18
CVE ID: CVE-2018-10125

Description

With a manipulated request, an attacker can implant a script that is executed when a logged-in back end user opens the system log. The attacker does not have to be logged in.

Affected versions

Contao 3.* up to 3.5.33
Contao 4.0
Contao 4.1
Contao 4.2
Contao 4.3
Contao 4.4 up to 4.4.16
Contao 4.5 up to 4.5.6

Suggested solution

Update to Contao 3.5.34, 4.4.17 or 4.5.7.
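
A version check built from the affected ranges and fixed releases listed above, as an added example that is not part of the Contao advisory. The site names in the sample inventory are hypothetical, and pairing each affected range with the fixed release that bounds it is an assumption.

```python
import re

# Half-open ranges [first affected, first fixed) transcribed from the advisory.
# Pairing each range with the fixed release that bounds it is an assumption.
AFFECTED_RANGES = [
    ((3, 0, 0), (3, 5, 34)),  # Contao 3.* up to 3.5.33
    ((4, 0, 0), (4, 4, 17)),  # Contao 4.0 to 4.3, and 4.4 up to 4.4.16
    ((4, 5, 0), (4, 5, 7)),   # Contao 4.5 up to 4.5.6
]


def parse_version(text):
    """Parse 'X.Y' or 'X.Y.Z' into a tuple; reject anything else."""
    match = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in match.groups())


def fixed_release_for(version_text):
    """Return the fixed release to update to, or None if the version is
    outside the ranges the advisory lists as affected."""
    version = parse_version(version_text)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= version < first_fixed:
            return ".".join(str(n) for n in first_fixed)
    return None


def audit(inventory):
    """Map each affected site to its (installed, fixed) version pair."""
    findings = {}
    for site, installed in inventory.items():
        fixed = fixed_release_for(installed)
        if fixed is not None:
            findings[site] = (installed, fixed)
    return findings


if __name__ == "__main__":
    # Constructed inventory; site names are hypothetical.
    sample = {"intranet": "3.5.33", "shop": "4.4.17", "blog": "4.2.1", "docs": "4.5.6"}
    for site, (installed, fixed) in audit(sample).items():
        print(f"{site}: Contao {installed} is affected, update to {fixed}")
```

A `None` result means only that the version is not in the advisory's affected list; the advisory makes no statement about releases outside those ranges.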
