CVE-2025-65961
LOW3.3EPSS 0.02%Contao is vulnerable to cross-site scripting in templates
發布日:2025/11/25修改日:2025/12/3
描述
### Impact It is possible to inject code into the template output that will be executed in the browser in the front end and back end. ### Patches Update to Contao 4.13.57, 5.3.42 or 5.6.5. ### Workarounds Do not use the affected templates or patch them manually. ### Refsources https://contao.org/en/security-advisories/cross-site-scripting-in-templates
受影響套件(1)
- Packagist/contao/core-bundle>= 4.0.0, < 4.13.57
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | LOW3.3 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N |