2 matches found
GHSA-H58V-C6RF-G9F7 Cross site scripting in the system log
Impact It is possible to inject code into the tllog table that will be executed in the browser when the system log is called in the back end. Patches Update to Contao 4.9.16 or 4.11.5. Workarounds Disable the system log module in the back end for all users especially admin users. References...
Cross site scripting in the system log
Date : 2018-04-18 CVE ID : CVE-2018-10125 Description With a manipulated request, an attacker can implant a script which is executed when a logged in back end user opens the system log. The attacker does not have to be logged in. Affected versions Contao 3. up to 3.5.33 Contao 4.0 Contao 4.1 Cont...