Contao · Contao · CVE-2024-28234
**Name of the Vulnerable Software and Affected Versions**
Contao versions 2.0.0 through 4.13.39
Contao versions 5.0.0 through 5.3.3
**Description**
A commenter can inject CSS styles into the rendered page through BBCode in comments. Installations are affected only if BBCode is enabled for comments; with BBCode disabled, the vulnerable code path is not reachable.
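The description names the bug class but not the mechanics. The following Python is an added illustration and not Contao's code: the `[color=...]` tag, the regexes and the sample comment are assumptions made for the demo. It shows a BBCode handler that interpolates a tag argument into a `style` attribute (HTML-escaping alone does not stop CSS metacharacters such as `;` and `url(`), the same input rendered by a hardened handler that only accepts a hex value or a bare keyword, and a small scanner for triaging already-stored comments.

```python
import html
import re

# Constructed sample comment: a valid-looking colour followed by a smuggled
# second CSS declaration that fetches a remote URL when the comment renders.
SAMPLE_COMMENT = (
    "[color=red; background:url(https://attacker.example/steal)]hello[/color]"
)

# Hypothetical BBCode syntax: [color=<arg>]inner text[/color]
COLOR_TAG = re.compile(r"\[color=([^\]]*)\](.*?)\[/color\]", re.DOTALL)


def render_bbcode_vulnerable(text: str) -> str:
    """Vulnerable pattern: the tag argument goes straight into a style
    attribute. HTML escaping keeps the attacker inside the attribute, but
    ';', ':' and '(' survive, so arbitrary CSS declarations go through."""

    def sub(m: re.Match) -> str:
        arg = html.escape(m.group(1), quote=True)
        inner = html.escape(m.group(2))
        return '<span style="color:%s">%s</span>' % (arg, inner)

    return COLOR_TAG.sub(sub, text)


# Allow-list for the hardened handler: #rgb, #rrggbb or a short keyword.
SAFE_COLOR = re.compile(r"^(#[0-9a-fA-F]{3}|#[0-9a-fA-F]{6}|[a-zA-Z]{1,20})$")


def render_bbcode_hardened(text: str) -> str:
    """Hardened pattern: validate the argument against an allow-list before
    it reaches the style attribute; otherwise drop the styling entirely and
    render only the escaped inner text."""

    def sub(m: re.Match) -> str:
        value = m.group(1).strip()
        inner = html.escape(m.group(2))
        if SAFE_COLOR.match(value):
            return '<span style="color:%s">%s</span>' % (value, inner)
        return inner

    return COLOR_TAG.sub(sub, text)


# CSS metacharacters that have no business in a colour argument.
SUSPICIOUS = re.compile(
    r"[;{}]|url\s*\(|expression\s*\(|@import|\\[0-9a-fA-F]", re.IGNORECASE
)
TAG_ARG = re.compile(r"\[[a-z]+=([^\]]*)\]", re.IGNORECASE)


def flag_suspicious_args(text: str) -> list[str]:
    """Return every BBCode tag argument in `text` that carries CSS
    metacharacters. Handy for triaging stored comments after upgrading or
    after switching BBCode off."""
    return [arg for arg in TAG_ARG.findall(text) if SUSPICIOUS.search(arg)]


if __name__ == "__main__":
    print("vulnerable:", render_bbcode_vulnerable(SAMPLE_COMMENT))
    print("hardened:  ", render_bbcode_hardened(SAMPLE_COMMENT))
    print("flagged:   ", flag_suspicious_args(SAMPLE_COMMENT))
```

The allow-list approach is the durable fix: rejecting known-bad substrings (a denylist) tends to miss CSS escape sequences and parser quirks, whereas accepting only a hex value or a keyword leaves no room for a second declaration. The scanner is intentionally noisy and is meant for triage, not as a filter.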
**Recommendations**
For Contao versions 2.0.0 through 4.13.39, update to Contao 4.13.40.
For Contao versions 5.0.0 through 5.3.3, update to Contao 5.3.4.
As a temporary workaround for all affected versions, disable BBCode for comments; this removes the affected code path until the update can be applied.