VYPR
Moderate severityNVD Advisory· Published Jun 23, 2021· Updated Aug 4, 2024

CVE-2021-35210

CVE-2021-35210

Description

Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
contao/core-bundlePackagist
>= 4.5.0, < 4.9.164.9.16
contao/core-bundlePackagist
>= 4.10.0, < 4.11.54.11.5
contao/contaoPackagist
>= 4.5.0, < 4.9.164.9.16
contao/contaoPackagist
>= 4.10.0, < 4.11.54.11.5

Affected products

3

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.