Moderate severityNVD Advisory· Published Jun 23, 2021· Updated Aug 4, 2024
CVE-2021-35210
CVE-2021-35210
Description
Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
contao/core-bundlePackagist | >= 4.5.0, < 4.9.16 | 4.9.16 |
contao/core-bundlePackagist | >= 4.10.0, < 4.11.5 | 4.11.5 |
contao/contaoPackagist | >= 4.5.0, < 4.9.16 | 4.9.16 |
contao/contaoPackagist | >= 4.10.0, < 4.11.5 | 4.11.5 |
Affected products
3- Contao/Contaodescription
- ghsa-coords2 versions
>= 4.5.0, < 4.9.16+ 1 more
- (no CPE)range: >= 4.5.0, < 4.9.16
- (no CPE)range: >= 4.5.0, < 4.9.16
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-h58v-c6rf-g9f7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-35210ghsaADVISORY
- contao.org/en/security-advisories/cross-site-scripting-in-the-system-log-2021.htmlghsax_refsource_CONFIRMWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2021-35210.yamlghsaWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2021-35210.yamlghsaWEB
- github.com/contao/contao/security/advisories/GHSA-h58v-c6rf-g9f7ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.