Count: 2
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2024-28234: Contao is an open source content management system. Starting in version 2.0.0 and prior to versions 4.13.40 and 5.3.4, it is possible to inject CSS styles via BBCode in comments. Installations are only affected if BBCode is enabled. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, disable BBCode for comments. | CVSS3: 4.3 | 1% (Low) | almost 2 years ago |
| GHSA-j55w-hjpj-825g: Contao: Insufficient BBCode sanitizer | CVSS3: 4.3 | 1% (Low) | almost 2 years ago |