Contao 3.x prior to 3.5.32 allows cross-site scripting (XSS) via the unsubscribe module in the frontend newsletter extension.
contao contao