Lucene search

GitHub Advisory DatabaseGHSA-PJ4J-287J-F742

HistoryFeb 10, 2022 - 8:49 p.m.

Cross-site Scripting in Contao

2022-02-1020:49:48

CWE-79

GitHub Advisory Database

github.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

33.8%

JSON

Contao before 4.5.7 has XSS in the system log.

Affected configurations

Vulners

Node

contaocontaoRange<3.5.35

contaocontaoRange<4.5.8

contaocontaoRange<4.4.18

contaocontaoRange<4.5.8

contaocontaoRange<4.4.18

CPENameOperatorVersion
contao/core-bundlelt3.5.35
contao/corelt3.5.35
contao/core-bundlelt4.5.8
contao/core-bundlelt4.4.18
contao/contaolt4.5.8
contao/contaolt4.4.18

Name	Operator	Version
contao/core-bundle	lt	3.5.35
contao/core	lt	3.5.35
contao/core-bundle	lt	4.5.8
contao/core-bundle	lt	4.4.18
contao/contao	lt	4.5.8
contao/contao	lt	4.4.18

References

contao.org/en/news/contao-3_5_35.html

contao.org/en/news/contao-4_4_18.html

contao.org/en/security-advisories/cross-site-scripting-in-the-system-log.html

github.com/advisories/GHSA-pj4j-287j-f742

github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2018-10125.yaml

github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2018-10125.yaml

github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2018-10125.yaml

nvd.nist.gov/vuln/detail/CVE-2018-10125

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

33.8%

JSON

Related for GHSA-PJ4J-287J-F742