3 matches found
CVE-2023-36806 Contao cross site scripting vulnerability via input unit widget
Contao is an open source content management system. Starting in version 4.0.0 and prior to versions 4.9.42, 4.13.28, and 5.1.10, it is possible for untrusted backend users to inject malicious code into headline fields in the back end, which will be executed both in the element preview back end an...
CVE-2023-36806 Contao cross site scripting vulnerability via input unit widget
Contao is an open source content management system. Starting in version 4.0.0 and prior to versions 4.9.42, 4.13.28, and 5.1.10, it is possible for untrusted backend users to inject malicious code into headline fields in the back end, which will be executed both in the element preview back end an...
PT-2023-25700 · Contao · Contao
Name of the Vulnerable Software and Affected Versions: Contao versions 4.0.0 through 4.9.41 Contao versions 4.13.0 through 4.13.27 Contao versions 5.0.0 through 5.1.9 Description: Contao is an open source content management system. It is possible for untrusted backend users to inject malicious co...