contao/core-bundle Security Advisories for 4.10.3 (5)
-
[MEDIUM] Cross site scripting via input unit widget
PKSA-kc45-s13v-qqqk CVE-2023-36806 GHSA-4gpr-p634-922x
Affected version: >=5.0.0,<5.1.10|>=4.10.0,<4.13.28|>=4.0.0,<4.9.42
Reported by:
GitHub -
[HIGH] Privilege escalation with the form generator
PKSA-6972-2czp-n9y4 CVE-2021-37627 GHSA-hq5m-mqmx-fw6m
Affected version: >=4.0.0,<4.4.56|>=4.5.0,<4.6.0|>=4.6.0,<4.7.0|>=4.7.0,<4.8.0|>=4.8.0,<4.9.0|>=4.9.0,<4.9.18|>=4.10.0,<4.11.0|>=4.11.0,<4.11.7
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] PHP file inclusion via insert tags
PKSA-dqg4-bv6y-y9k1 CVE-2021-37626 GHSA-r6mv-ppjc-4hgr
Affected version: >=4.0.0,<4.4.56|>=4.5.0,<4.6.0|>=4.6.0,<4.7.0|>=4.7.0,<4.8.0|>=4.8.0,<4.9.0|>=4.9.0,<4.9.18|>=4.10.0,<4.11.0|>=4.11.0,<4.11.7
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Cross site scripting via HTML attributes in the back end
PKSA-s6nh-jp39-2w3w CVE-2021-35955 GHSA-hr3h-x6gq-rqcp
Affected version: >=4.0.0,<4.4.56|>=4.5.0,<4.6.0|>=4.6.0,<4.7.0|>=4.7.0,<4.8.0|>=4.8.0,<4.9.0|>=4.9.0,<4.9.18|>=4.10.0,<4.11.0|>=4.11.0,<4.11.7
Reported by:
FriendsOfPHP/security-advisories, GitHub -
[MEDIUM] Cross-site scripting (XSS) vulnerability in the system log
PKSA-ztzv-8k57-rm9h CVE-2021-35210 GHSA-h58v-c6rf-g9f7
Affected version: >=4.5.0,<4.9.16|>=4.10.0,<4.11.0|>=4.11.0,<4.11.5
Reported by:
FriendsOfPHP/security-advisories, GitHub