Security Advisories - PKSA-s6nh-jp39-2w3w - Packagist

PKSA-s6nh-jp39-2w3w Security Advisory

[MEDIUM] Cross site scripting via HTML attributes in the back end

PKSA-s6nh-jp39-2w3w CVE-2021-35955 GHSA-hr3h-x6gq-rqcp

Affected package: contao/core-bundle

Affected version: >=4.0.0,<4.4.56|>=4.5.0,<4.6.0|>=4.6.0,<4.7.0|>=4.7.0,<4.8.0|>=4.8.0,<4.9.0|>=4.9.0,<4.9.18|>=4.10.0,<4.11.0|>=4.11.0,<4.11.7

Reported by:
FriendsOfPHP/security-advisories, GitHub