Lucene search
Veracode Vulnerability DatabaseVERACODE:13440HistoryMar 12, 2019 - 4:22 a.m.
Cross-Site Scripting (XSS)
2019-03-1204:22:43
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.001 Low
EPSS
Percentile
33.8%
contao/core-bundle is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary Javascript into a victim’s browser via the system logs, which would be executed in the context of the user’s browser when the user loads the logs.
| CPE | Name | Operator | Version |
|---|---|---|---|
| contao/core-bundle | le | 4.4.17 | |
| contao/core-bundle | le | 4.5.7 |
Related
osv
osv
CVE-2018-10125
2020-03-16 15:15:11
Cross-site Scripting in Contao
2022-02-10 20:49:48
nvd
nvd
CVE-2018-10125
2020-03-16 15:15:11
prion
prion
Design/Logic Flaw
2020-03-16 15:15:00
cve
cve
CVE-2018-10125
2020-03-16 15:15:11
friendsofphp
friendsofphp
Cross-site scripting (XSS) vulnerability in the system log of the back end
2018-04-18 09:23:00
Cross-site scripting (XSS) vulnerability in the system log of the back end
2018-04-18 09:23:00
Cross-site scripting (XSS) vulnerability in the system log of the back end
2018-04-18 09:51:00
github
github
Cross-site Scripting in Contao
2022-02-10 20:49:48
cvelist
cvelist
CVE-2018-10125
2020-03-16 14:40:15