Lucene search
Veracode Vulnerability DatabaseVERACODE:31050HistoryJun 24, 2021 - 4:21 a.m.
Cross-site Scripting (XSS)
2021-06-2404:21:01
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.001 Low
EPSS
Percentile
36.1%
contao/core-bundle is vulnerable to cross site scripting. The vulnerability exists due to an insecure tl_log table which will execute injected code in the browser when the system log is called in the back end.
| CPE | Name | Operator | Version |
|---|---|---|---|
| contao/core-bundle | le | 4.9.15 | |
| contao/core-bundle | le | 4.11.4 |
Related
github
github
Cross site scripting in the system log
2021-07-01 17:00:04
osv
osv
Cross site scripting in the system log
2021-07-01 17:00:04
CVE-2021-35210
2021-06-23 11:15:08
nvd
nvd
CVE-2021-35210
2021-06-23 11:15:08
cvelist
cvelist
CVE-2021-35210
2021-06-23 09:34:44
contao
contao
Cross site scripting in the system log
2021-06-23 00:00:00
friendsofphp
friendsofphp
Cross-site scripting (XSS) vulnerability in the system log
1970-01-01 00:00:00
Cross-site scripting (XSS) vulnerability in the system log
1970-01-01 00:00:00
prion
prion
Design/Logic Flaw
2021-06-23 11:15:00
cve
cve
CVE-2021-35210
2021-06-23 11:15:08