4 matches found
CVE-2021-35955
Contao =4.0.0 allows backend XSS via HTML attributes to an HTML field. Fixed in 4.4.56, 4.9.18, 4.11.7...
CVE-2021-35955
Contao
CVE-2021-35955
Contao =4.0.0 allows backend XSS via HTML attributes to an HTML field. Fixed in 4.4.56, 4.9.18, 4.11.7...
Cross site scripting via HTML attributes in the back end
Date : 2021-08-11 CVE ID : CVE-2021-35955 Description It is possible for untrusted users to inject malicious code into HTML attributes in the back end, which will be executed both in the element preview back end and on the website front end. Installations are only affected if there are untrusted...