CVE-2018-5478 — Cross-site Scripting in Contao

Severity

6.1MEDIUMNVD

EPSS

0.1%

top 77.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedSep 21

Description

Contao 3.x before 3.5.32 allows XSS via the unsubscribe module in the frontend newsletter extension.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

▶Packagistcontao/core3.0.0 — 3.5.32

▶NVDcontao/contao3.0.0 — 3.5.32

GHSA

Contao Cross-site Scripting vulnerabililty↗2023-09-21

▶

OSV

Contao Cross-site Scripting vulnerabililty↗2023-09-21

▶

CVEList

CVE-2018-5478: Contao 3↗2023-09-21

▶