Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Contao is vulnerable to cross-site scripting in templates
Vulnerability Description
Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, it is possible to inject code into the template output that will be executed in the browser in the front end and back end. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A workaround for this issue involves not using the affected templates or patch them manually.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
替代XSS语法转义处理不恰当
Vulnerability Title
Contao 安全漏洞
Vulnerability Description
Contao是Contao开源的一套采用PHP开发的开源内容管理系统(CMS)。该系统支持搜索引擎、权限管理和CSS框架等。 Contao 4.0.0版本至4.13.57之前版本、5.3.42之前版本和5.6.5之前版本存在安全漏洞,该漏洞源于可注入代码到模板输出,可能导致代码执行。
CVSS Information
N/A
Vulnerability Type
N/A