Contao >=4.0.0 allows backend XSS via HTML attributes to an HTML field. Fixed in 4.4.56, 4.9.18, 4.11.7.
References
| Link | Resource |
|---|---|
| https://contao.org/en/news/contao-4-9-16-and-4-11-5-are-available.html | Vendor Advisory |
| https://github.com/contao/contao/security/advisories/GHSA-hr3h-x6gq-rqcp | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-08-12T14:33:44
Updated: 2021-08-12T14:33:44
Reserved: 2021-06-29T00:00:00
Link: CVE-2021-35955
NVD Information
Status: Analyzed
Published: 2021-08-12T15:15:07.960
Modified: 2021-08-20T19:51:40.223
Link: CVE-2021-35955
Redhat Information
No data.
CWE