You are viewing this page in an unauthorized frame window.
This is a potential security issue, you are being redirected to
https://nvd.nist.gov
An official website of the United States government
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock () or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
OR
*cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:* versions from (including) 3.0.0 up to (including) 3.5.33
*cpe:2.3:a:contao:contao:4.0.0:-:*:*:*:*:*:*
*cpe:2.3:a:contao:contao:4.1.0:-:*:*:*:*:*:*
*cpe:2.3:a:contao:contao:4.2.0:-:*:*:*:*:*:*
*cpe:2.3:a:contao:contao:4.3.0:-:*:*:*:*:*:*
*cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:* versions from (including) 4.4.0 up to (including) 4.4.16
*cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:* versions from (including) 4.5.0 up to (including) 4.5.6
Added
CVSS V2
NIST (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Added
CVSS V2 Metadata
Victim must voluntarily interact with attack mechanism
Added
CVSS V3.1
NIST AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Added
CWE
NIST CWE-79
Changed
Reference Type
https://contao.org/en/security-advisories/cross-site-scripting-in-the-system-log.html No Types Assigned
https://contao.org/en/security-advisories/cross-site-scripting-in-the-system-log.html Third Party Advisory