VulnerableCode Package Details - pkg:composer/contao/comments-bundle@4.11.1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/contao/comments-bundle@4.11.1

purl	pkg:composer/contao/comments-bundle@4.11.1

Next non-vulnerable version	4.13.40
Latest non-vulnerable version	5.3.5
Risk	3.1

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-zunq-vjc3-23by Aliases: CVE-2024-28234 GHSA-j55w-hjpj-825g	Contao: Insufficient BBCode sanitizer If BBCode is enabled for comments, users can inject CSS styles.	4.13.40 Affected by 0 other vulnerabilities. 4.13.41 Affected by 0 other vulnerabilities. 5.3.4 Affected by 0 other vulnerabilities. 5.3.5 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-zunq-vjc3-23by
Aliases:
CVE-2024-28234
GHSA-j55w-hjpj-825g

Contao: Insufficient BBCode sanitizer If BBCode is enabled for comments, users can inject CSS styles.

4.13.40
Affected by 0 other vulnerabilities.

4.13.41
Affected by 0 other vulnerabilities.

5.3.4
Affected by 0 other vulnerabilities.

5.3.5
Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T04:48:31.447215+00:00	GitLab Importer	Affected by	VCID-zunq-vjc3-23by	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/contao/comments-bundle/CVE-2024-28234.yml	38.6.0