Veracode Vulnerability DatabaseVERACODE:41729Cross-site Scripting (XSS)
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
0.001 Low
EPSS
Percentile
26.5%
contao/core-bundle is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the lack of a validation in the input unit widget, which allows an attacker to inject and execute malicious Javascript into the browser and backend server.
References
github.com/advisories/GHSA-4gpr-p634-922x
github.com/contao/contao/commit/5c9aff32cfc1f7dc452a045862ac2f86a6b9b4b4
github.com/contao/contao/commit/c98585d36baa25fda69c062421e7e7eadc53c82b
github.com/contao/contao/commit/ccb64c777eb0f9c0e6490c9135d80e915d37cd32
github.com/contao/contao/security/advisories/GHSA-4gpr-p634-922x
herolab.usd.de/security-advisories/usd-2023-0020/
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
0.001 Low
EPSS
Percentile
26.5%