Contao 4.5.x up to and including 4.9.x prior to 4.9.16, and 4.10.x up to and including 4.11.x prior to 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
contao contao |