Key vulnerability information

Title: Cross-site scripting in templates

Severity: Low (3.3 / 10)

Description:
- Impact: It is possible to inject code into the template output that will be executed in the browser in the front end and back end.

Affected versions: >=4.0.0

Patched versions: 4.13.57, 5.3.42, 5.6.5

Patches: Update to Contao 4.13.57, 5.3.42 or 5.6.5

Workarounds: Do not use the affected templates or patch them manually.

References: https://contao.org/en/security-advisories/cross-site-scripting-in-templates

CVSS 3.1 base metrics:
- Attack vector: Network
- Attack complexity: High
- Privileges required: High
- User interaction: None
- Scope: Unchanged
- Confidentiality: Low
- Integrity: Low
- Availability: None

CVE ID: CVE-2025-65961

Weakness type: CWE-87

Finder: ausi, m-vo