Lucene search
K

13 matches found

OSV
OSV
added 2025/11/25 7:6 p.m.4 views

CVE-2025-65961 Contao is vulnerable to cross-site scripting in templates

Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, it is possible to inject code into the template output that will be executed in the browser in the front end and back end. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A...

3.3CVSS6.9AI score0.00142EPSS
Exploits0References4
OSV
OSV
added 2025/11/25 6:54 p.m.4 views

CVE-2025-65960 Contao is vulnerable to remote code execution in template closures

Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, back end users with precise control over the contents of template closures can execute arbitrary PHP functions that do not have required parameters. This issue has been patched in versions 4.13.57...

6.6CVSS7.2AI score0.00155EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-1294

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00797EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/08/28 12:0 a.m.15 views

Contao 安全漏洞

Contao is an open source Content Management System CMS developed in PHP by Contao Open Source. The system supports search engines, rights management, and CSS frameworks. A security vulnerability exists in Contao version 5.3.38 and versions prior to 5.6.1, which stems from an unfiltered protected...

5.3CVSS6.3AI score0.00281EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/08/28 12:0 a.m.4 views

Contao 访问控制错误漏洞

Contao is an open source Content Management System CMS developed in PHP by Contao Open Source. The system supports search engines, rights management and CSS frameworks. An access control error vulnerability exists in Contao version 5.3.38 and versions prior to 5.6.1, which stems from the back-end...

4.3CVSS6.5AI score0.00225EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/22 5:41 a.m.3 views

CVE-2014-1860

Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities...

9.8CVSS7.3AI score0.03648EPSS
Exploits2References1
OSV
OSV
added 2025/03/18 6:36 p.m.4 views

CVE-2025-29790 Contao allows cross-site scripting through SVG uploads

Contao is an Open Source CMS. Users can upload SVG files with malicious code, which is then executed in the back end and/or front end. This vulnerability is fixed in Contao 4.13.54, 5.3.30, or 5.5.6...

4.8CVSS7AI score0.00203EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/04/09 3:50 p.m.17 views

CVE-2024-28235 Contao possible cookie sharing with external domains while checking protected pages for broken links

Contao is an open source content management system. Starting in version 4.9.0 and prior to versions 4.13.40 and 5.3.4, when checking for broken links on protected pages, Contao sends the cookie header to external urls as well, the passed options for the http client are used for all requests. Cont...

8.3CVSS6.7AI score0.00708EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/05/05 12:0 a.m.4 views

Contao 跨站脚本漏洞

Contao is an open source content management system CMS developed using PHP. The system supports search engines, rights management and CSS frameworks. A security vulnerability exists in Contao versions 4.13.0 through 4.13.3 and earlier, which allows untrusted users to inject malicious code into...

7.2CVSS6.8AI score0.03795EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/05/05 12:0 a.m.3 views

编号撤回

Contao is an open source content management system CMS developed using PHP. A cross-site scripting vulnerability exists in versions of Contao prior to 4.13.3, which stems from the application's lack of validation of user input. An attacker could exploit this vulnerability to execute malicious...

5.5AI score
Exploits3
CNVD
CNVD
added 2019/12/18 12:0 a.m.3 views

Contao Output Improperly Encoded or Escaped Vulnerability

Contao is an open source content management system CMS developed using PHP. The system supports search engines, rights management and CSS frameworks. An improper output encoding or escaping vulnerability exists in Contao versions 4.8.4 and 4.8.5. An attacker can exploit this vulnerability by...

5.3CVSS7.8AI score0.00819EPSS
Exploits0References1
CNVD
CNVD
added 2019/05/06 12:0 a.m.4 views

Contao SQL Injection Vulnerability

Contao is an open source content management system CMS developed using PHP. The system supports search engine , rights management and CSS framework . Contao has a SQL injection vulnerability that can be exploited by attackers to execute illegal SQL commands...

9.8CVSS8.3AI score0.01462EPSS
Exploits0References1
CNVD
CNVD
added 2017/05/31 12:0 a.m.4 views

Contao Directory Traversal Vulnerability

Contao is an open source content management system CMS developed using PHP. The system supports search engine , rights management and CSS framework . A directory traversal vulnerability exists in Contao versions prior to 3.2.19 and 3.4.x prior to 3.4.4. A remote attacker can exploit this...

4.3CVSS7AI score0.01419EPSS
Exploits0References1
Rows per page
Query Builder