GHSA-V24P-7P4J-QVVF Contao: Cross site scripting in the file manager
Impact Users can insert malicious code into file names when uploading files, which is then executed in tooltips and popups in the backend. Patches Update to Contao 4.13.40 or Contao 5.3.4. Workarounds Disable uploads for untrusted users. References...