4 matches found
CVE-2024-45965
Contao before 5.5.6 allows XSS via an SVG document. This affects in contao/core-bundle in Composer 4.x before 4.13.54, 5.0.x through 5.3.x before 5.3.30, and 5.4.x and 5.5..x before 5.5.6...
CVE-2024-45965
Contao before 5.5.6 allows XSS via an SVG document. This affects in contao/core-bundle in Composer 4.x before 4.13.54, 5.0.x through 5.3.x before 5.3.30, and 5.4.x and 5.5..x before 5.5.6...
CVE-2024-45965
CVE-2024-45965 — Contao SVG upload XSS : The vulnerability affects Contao Core Bundle via SVG uploads, enabling stored XSS when an attacker (or authenticated admin) uploads a crafted SVG. Affected versions are: 4.x prior to 4.13.54; 5.0.x–5.3.x prior to 5.3.30; and 5.4.x and 5.5.x prior to 5.5.6....
CVE-2024-45965
Contao before 5.5.6 allows XSS via an SVG document. This affects in contao/core-bundle in Composer 4.x before 4.13.54, 5.0.x through 5.3.x before 5.3.30, and 5.4.x and 5.5..x before 5.5.6...