GHSA-pj4j-287j-f742
Suggest an improvement- Source
- https://github.com/advisories/GHSA-pj4j-287j-f742
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-pj4j-287j-f742/GHSA-pj4j-287j-f742.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-pj4j-287j-f742
- Aliases
- Published
- 2022-02-10T20:49:48Z
- Modified
- 2024-02-16T08:14:04.123039Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Cross-site Scripting in Contao
- Details
-
Contao before 4.5.7 has XSS in the system log.
- Database specific
{ "nvd_published_at": "2020-03-16T15:15:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2021-05-03T21:22:13Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2018-10125
- https://contao.org/en/news/contao-3_5_35.html
- https://contao.org/en/news/contao-4_4_18.html
- https://contao.org/en/security-advisories/cross-site-scripting-in-the-system-log.html
- https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2018-10125.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2018-10125.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2018-10125.yaml
Affected packages
Packagist / contao/contao
Package
- Name
- contao/contao
- Purl
- pkg:composer/contao/contao
Packagist / contao/contao
Package
- Name
- contao/contao
- Purl
- pkg:composer/contao/contao
Packagist / contao/core-bundle
Package
- Name
- contao/core-bundle
- Purl
- pkg:composer/contao/core-bundle
Affected versions
4.*
4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.1.0-beta1
4.1.0-RC1
4.1.0
4.1.1
4.1.2
4.1.3
4.2.0-beta1
4.2.0-RC1
4.2.0
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.3.0-RC1
4.3.0
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5
4.3.6
4.3.7
4.3.8
4.3.9
4.3.10
4.3.11
4.4.0-beta1
4.4.0-RC1
4.4.0-RC2
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.4.5
4.4.6
4.4.7
4.4.8
4.4.9
4.4.10
4.4.11
4.4.12
4.4.13
4.4.14
4.4.15
4.4.16
4.4.17
Packagist / contao/core-bundle
Package
- Name
- contao/core-bundle
- Purl
- pkg:composer/contao/core-bundle
Packagist / contao/core
Package
- Name
- contao/core
- Purl
- pkg:composer/contao/core
Affected versions
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.1.beta1
3.1.RC1
3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5
3.2.beta1
3.2.beta2
3.2.RC1
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.2.7
3.2.8
3.2.9
3.2.10
3.2.11
3.2.12
3.2.13
3.2.14
3.2.15
3.2.16
3.2.17
3.2.18
3.2.19
3.2.20
3.2.21
3.3.0-beta1
3.3.0-RC1
3.3.0-RC2
3.3.0
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
3.3.7
3.4.0-beta1
3.4.0-RC1
3.4.0
3.4.1
3.4.2
3.4.3
3.4.4
3.4.5
3.5.0-beta1
3.5.0-RC1
3.5.0
3.5.1
3.5.2
3.5.3
3.5.4
3.5.5
3.5.6
3.5.7
3.5.8
3.5.9
3.5.10
3.5.11
3.5.12
3.5.13
3.5.14
3.5.15
3.5.16
3.5.17
3.5.18
3.5.19
3.5.20
3.5.21
3.5.22
3.5.23
3.5.24
3.5.25
3.5.26
3.5.27
3.5.28
3.5.29
3.5.30
3.5.31
3.5.32
3.5.33
3.5.34
Packagist / contao/core-bundle
Package
- Name
- contao/core-bundle
- Purl
- pkg:composer/contao/core-bundle