← All advisories

Moderate severityNVD Advisory· Published Sep 21, 2023· Updated Sep 24, 2024

CVE-2018-5478

CVE-2018-5478

Description

Contao 3.x before 3.5.32 allows XSS via the unsubscribe module in the frontend newsletter extension.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
contao/corePackagist	>= 3.0.0, < 3.5.32	3.5.32

Affected products

2

Contao/Contao CMScpe-rescue
ghsa-coords
pkg:composer/contao/core
Range: >= 3.0.0, < 3.5.32

Patches

Vulnerability mechanics

References

6

github.com/advisories/GHSA-mpg7-2rx9-h5qpghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2018-5478ghsaADVISORY
contao.org/en/news/contao-3_5_32.htmlghsaWEB
github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2018-5478.yamlghsaWEB
github.com/contao/core/commit/3123d6527ae6c46087b0ad8061eb8651cb645b8dghsaWEB
security.snyk.io/vuln/SNYK-PHP-CONTAOCORE-70397ghsaWEB

News mentions

0

No linked articles in our index yet.