CVE-2018-5478

Name of the Vulnerable Software and Affected Versions Contao versions 3.x through 3.5.31

Description The issue allows Cross-site Scripting (XSS) via the unsubscribe module in the frontend newsletter extension. This can be exploited to execute malicious scripts in the context of the affected application.

Recommendations For Contao versions 3.x through 3.5.31, update to version 3.5.32 or later to resolve the issue. As a temporary workaround, consider disabling the unsubscribe module in the frontend newsletter extension until a patch is available. Restrict access to the frontend newsletter extension to minimize the risk of exploitation.