13 matches found
CVE-2025-65961 Contao is vulnerable to cross-site scripting in templates
Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, it is possible to inject code into the template output that will be executed in the browser in the front end and back end. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A...
CVE-2025-65960 Contao is vulnerable to remote code execution in template closures
Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, back end users with precise control over the contents of template closures can execute arbitrary PHP functions that do not have required parameters. This issue has been patched in versions 4.13.57...
EUVD-2023-1294
Malicious code in bioql PyPI...
Contao 安全漏洞
Contao is an open source Content Management System CMS developed in PHP by Contao Open Source. The system supports search engines, rights management, and CSS frameworks. A security vulnerability exists in Contao version 5.3.38 and versions prior to 5.6.1, which stems from an unfiltered protected...
Contao 访问控制错误漏洞
Contao is an open source Content Management System CMS developed in PHP by Contao Open Source. The system supports search engines, rights management and CSS frameworks. An access control error vulnerability exists in Contao version 5.3.38 and versions prior to 5.6.1, which stems from the back-end...
CVE-2014-1860
Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities...
CVE-2025-29790 Contao allows cross-site scripting through SVG uploads
Contao is an Open Source CMS. Users can upload SVG files with malicious code, which is then executed in the back end and/or front end. This vulnerability is fixed in Contao 4.13.54, 5.3.30, or 5.5.6...
CVE-2024-28235 Contao possible cookie sharing with external domains while checking protected pages for broken links
Contao is an open source content management system. Starting in version 4.9.0 and prior to versions 4.13.40 and 5.3.4, when checking for broken links on protected pages, Contao sends the cookie header to external urls as well, the passed options for the http client are used for all requests. Cont...
Contao 跨站脚本漏洞
Contao is an open source content management system CMS developed using PHP. The system supports search engines, rights management and CSS frameworks. A security vulnerability exists in Contao versions 4.13.0 through 4.13.3 and earlier, which allows untrusted users to inject malicious code into...
编号撤回
Contao is an open source content management system CMS developed using PHP. A cross-site scripting vulnerability exists in versions of Contao prior to 4.13.3, which stems from the application's lack of validation of user input. An attacker could exploit this vulnerability to execute malicious...
Contao Output Improperly Encoded or Escaped Vulnerability
Contao is an open source content management system CMS developed using PHP. The system supports search engines, rights management and CSS frameworks. An improper output encoding or escaping vulnerability exists in Contao versions 4.8.4 and 4.8.5. An attacker can exploit this vulnerability by...
Contao SQL Injection Vulnerability
Contao is an open source content management system CMS developed using PHP. The system supports search engine , rights management and CSS framework . Contao has a SQL injection vulnerability that can be exploited by attackers to execute illegal SQL commands...
Contao Directory Traversal Vulnerability
Contao is an open source content management system CMS developed using PHP. The system supports search engine , rights management and CSS framework . A directory traversal vulnerability exists in Contao versions prior to 3.2.19 and 3.4.x prior to 3.4.4. A remote attacker can exploit this...