contao/core-bundle is vulnerable to cross site scripting. The vulnerability exists due to an insecure tl_log table which will execute injected code in the browser when the system log is called in the back end.
CPE | Name | Operator | Version |
---|---|---|---|
contao/core-bundle | le | 4.9.15 | |
contao/core-bundle | le | 4.11.4 |