contao/core-bundle is vulnerable to cross-site scripting(XSS) attacks. The library does not properly sanitize the user inputs through the canonical tag, allowing an attacker to inject and execute malicious javascript.
CPE | Name | Operator | Version |
---|---|---|---|
contao/core-bundle | le | 4.13.2 | |
contao/core-bundle | le | 4.13.2 |