CVE-2023-36806
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
Cross site scripting via input unit widget
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Packagist | contao/core-bundle | >=4.0.0,<4.9.42 | 4.9.42 |
| Packagist | contao/core-bundle | >=4.10.0,<4.13.28 | 4.13.28 |
| Packagist | contao/core-bundle | >=5.0.0,<5.1.10 | 5.1.10 |
References
- https://github.com/contao/contao/security/advisories/GHSA-4gpr-p634-922x
- https://nvd.nist.gov/vuln/detail/CVE-2023-36806
- https://github.com/contao/contao/commit/5c9aff32cfc1f7dc452a045862ac2f86a6b9b4b4
- https://github.com/contao/contao/commit/c98585d36baa25fda69c062421e7e7eadc53c82b
- https://github.com/contao/contao/commit/ccb64c777eb0f9c0e6490c9135d80e915d37cd32
- https://github.com/contao/contao
- https://herolab.usd.de/security-advisories/usd-2023-0020
Verify integrity in audit chain (admin only). AS-IS.