CVE-2021-35210

Published: Jun 23, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://contao.org/en/security-advisories/cross-site-scripting-in-the-system-log-2021.html

x_refsource_CONFIRM

https://github.com/contao/contao/security/advisories/GHSA-h58v-c6rf-g9f7

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-35210

Description

Affected Products

References