Vulnerability Information
Vulnerability Title
Contao allows cross-site scripting through SVG uploads
Vulnerability Description
Contao is an Open Source CMS. Users can upload SVG files with malicious code, which is then executed in the back end and/or front end. This vulnerability is fixed in Contao 4.13.54, 5.3.30, or 5.5.6.
CVSS Information
N/A
Vulnerability Type
Improper neutralization of input during web page generation (cross-site scripting)
Vulnerability Title
Contao cross-site scripting vulnerability
Vulnerability Description
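Contao is an open-source content management system (CMS) from Contao, developed in PHP. The system supports search engines, permission management, CSS frameworks and more. Contao has a cross-site scripting vulnerability, which arises because users can upload SVG files containing malicious code that may be executed in the back end or front end.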
CVSS Information
N/A
Vulnerability Type
N/A