contao/core-bundle is vulnerable to cross-site scripting (XSS). A remote attacker can inject arbitrary JavaScript via the system logs, and the script executes in the context of the victim’s browser when that user loads the logs.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | contao/core-bundle | le | 4.4.17 |
| | contao/core-bundle | le | 4.5.7 |