3 matches found
CVE-2021-35210
creationtimestamp| type| source ---|---|--- 2021-06-23 14:17:17+00:00| seen| https://t.me/cibsecurity/25638...
CVE-2021-35210
Contao CMS vulnerable to cross-site scripting via the tl_log table. Affected versions are 4.5.x–4.9.x (before 4.9.16) and 4.10.x–4.11.x (before 4.11.5). The vulnerability allows injected code to execute in the browser when the system log is opened in the back end. Remediation: upgrade to Contao 4...
Cross site scripting in the system log
Date : 2018-04-18 CVE ID : CVE-2018-10125 Description With a manipulated request, an attacker can implant a script which is executed when a logged in back end user opens the system log. The attacker does not have to be logged in. Affected versions Contao 3. up to 3.5.33 Contao 4.0 Contao 4.1 Cont...