Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35210)

Description

Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end.

Remediation

References

CVE-2021-35210

Related Vulnerabilities

WordPress Plugin WP Mail SMTP by WPForms Unspecified Vulnerability (0.9.5)

PHP Other Vulnerability (CVE-2014-0236)

WordPress Plugin WP Forum Server Cross-Site Scripting and SQL Injection Vulnerabilities (1.7.3)

WordPress Plugin Easy Digital Downloads-Simple eCommerce for Selling Digital Files Cross-Site Scripting (2.9.15)

Django CVE-2024-41989 Vulnerability (CVE-2024-41989)

Severity

Medium

Classification

CVE-2021-35210 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N