7 matches found
Cross site scripting in the system log
Impact: It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end. Patches: Update to Contao 4.9.16 or 4.11.5. Workarounds: Disable the system log module in the back end for all users, especially admin users. References...
Cross-site Scripting (XSS)
contao/core-bundle is vulnerable to cross site scripting. The vulnerability exists due to an insecure tl_log table which will execute injected code in the browser when the system log is called in the back end...
CVE-2021-35210
Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end...
Design/Logic Flaw
Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end...
CVE-2021-35210
Contao CMS vulnerable to cross-site scripting via the tl_log table. Affected versions are 4.5.x–4.9.x (before 4.9.16) and 4.10.x–4.11.x (before 4.11.5). The vulnerability allows injected code to execute in the browser when the system log is opened in the back end. Remediation: upgrade to Contao 4...
Contao cross-site scripting vulnerability
Contao is an open source content management system (CMS) developed using PHP. The system supports search engines, rights management, and CSS frameworks. Contao suffers from a cross-site scripting vulnerability that allows an attacker to inject code into the tl_log table, which will be executed in th...
Cross site scripting in the system log
Date: 2018-04-18. CVE ID: CVE-2018-10125. Description: With a manipulated request, an attacker can implant a script which is executed when a logged-in back end user opens the system log. The attacker does not have to be logged in. Affected versions: Contao 3. up to 3.5.33, Contao 4.0, Contao 4.1, Cont...