Lucene search
+L

517 matches found

RedhatCVE
RedhatCVE
added 2025/03/20 7:20 p.m.15 views

CVE-2025-29790

Contao is an Open Source CMS. Users can upload SVG files with malicious code, which is then executed in the back end and/or front end. This vulnerability is fixed in Contao 4.13.54, 5.3.30, or 5.5.6...

4.8CVSS6.8AI score0.00203EPSS
Exploits0References1
Snyk
Snyk
added 2025/03/19 6:36 a.m.6 views

Cross-site Scripting (XSS)

Overview contao/core-bundle is an Open Source PHP Content Management System for people who want a professional website that is easy to maintain. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the uploadTo function in FileUpload.php. An attacker can execute scripts...

5.4CVSS5.5AI score0.00203EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/03/18 9:7 p.m.21 views

Contao Vulnerable to Cross-Site Scripting (XSS) through SVG uploads

Impact Users can upload SVG files with malicious code, which is then executed in the back end and/or front end. Patches Update to Contao 4.13.54, 5.3.30 or 5.5.6. Workarounds Remove svg,svgz from the allowed upload file types in the system settings and from contao.editablefiles in the config.yaml...

5.4CVSS7AI score0.00203EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/03/18 9:7 p.m.13 views

GHSA-VQQR-FGMH-F626 Contao Vulnerable to Cross-Site Scripting (XSS) through SVG uploads

Impact Users can upload SVG files with malicious code, which is then executed in the back end and/or front end. Patches Update to Contao 4.13.54, 5.3.30 or 5.5.6. Workarounds Remove svg,svgz from the allowed upload file types in the system settings and from contao.editablefiles in the config.yaml...

4.8CVSS6.7AI score0.00203EPSS
Exploits0References4
NVD
NVD
added 2025/03/18 7:15 p.m.24 views

CVE-2025-29790

Contao is an Open Source CMS. Users can upload SVG files with malicious code, which is then executed in the back end and/or front end. This vulnerability is fixed in Contao 4.13.54, 5.3.30, or 5.5.6...

5.4CVSS0.00203EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/18 6:36 p.m.9 views

CVE-2025-29790 Contao allows cross-site scripting through SVG uploads

Contao is an Open Source CMS. Users can upload SVG files with malicious code, which is then executed in the back end and/or front end. This vulnerability is fixed in Contao 4.13.54, 5.3.30, or 5.5.6...

4.8CVSS6.8AI score0.00203EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/18 6:36 p.m.24 views

CVE-2025-29790 Contao allows cross-site scripting through SVG uploads

Contao is an Open Source CMS. Users can upload SVG files with malicious code, which is then executed in the back end and/or front end. This vulnerability is fixed in Contao 4.13.54, 5.3.30, or 5.5.6...

4.8CVSS0.00203EPSS
Exploits0References2
CVE
CVE
added 2025/03/18 6:36 p.m.83 views

CVE-2025-29790

Contao CMS is affected by a Cross‑Site Scripting (XSS) vulnerability triggered by uploading SVG files containing malicious code, which can be executed in backend or frontend contexts. Affected versions are not specified in the initial document, but remediation is provided: upgrade to Contao 4.13....

5.4CVSS6.5AI score0.00203EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/03/18 6:36 p.m.5 views

CVE-2025-29790 Contao allows cross-site scripting through SVG uploads

Contao is an Open Source CMS. Users can upload SVG files with malicious code, which is then executed in the back end and/or front end. This vulnerability is fixed in Contao 4.13.54, 5.3.30, or 5.5.6...

4.8CVSS7AI score0.00203EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/03/18 12:0 a.m.7 views

Contao 跨站脚本漏洞

Contao is Contao open source a set of open source content management system CMS developed using PHP. The system supports search engines, rights management, and CSS frameworks. Contao suffers from a cross-site scripting vulnerability that stems from the fact that users can upload SVG files...

5.4CVSS6.3AI score0.00203EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/02/06 4:49 a.m.10 views

CVE-2021-37626

Contao is an open source CMS that allows you to create websites and scalable web applications. In affected versions it is possible to load PHP files by entering insert tags in the Contao back end. Installations are only affected if they have untrusted back end users who have the rights to modify...

7.2CVSS6.8AI score0.01254EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/06 4:47 a.m.9 views

CVE-2021-37627

Contao is an open source CMS that allows creation of websites and scalable web applications. In affected versions it is possible to gain privileged rights in the Contao back end. Installations are only affected if they have untrusted back end users who have access to the form generator. All users...

8CVSS6.8AI score0.01023EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 9:46 p.m.5 views

CVE-2022-24899

Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao prior to 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings...

7.2CVSS6.7AI score0.04396EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:38 a.m.8 views

CVE-2024-45398

Contao is an Open Source CMS. In affected versions a back end user with access to the file manager can upload malicious files and execute them on the server. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to update are advised to configure their web server so it does...

8.8CVSS7.1AI score0.00532EPSS
Exploits0References1
Veracode
Veracode
added 2024/10/03 11:32 a.m.5 views

Cross-site Scripting (XSS)

Contao is vulnerable to stored Cross-site Scripting XSS. The vulnerability is due to improper validation of SVG file uploads, allowing an authenticated admin to upload a file containing malicious JavaScript that can be executed when accessed through the website...

6.4CVSS6AI score0.00318EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/10/02 9:30 p.m.21 views

Duplicate Advisory: Contao allows admin an account to upload SVG file containing malicious JavaScript

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vqqr-fgmh-f626. This link is maintained to preserve external references. Original Description Contao 5.4.1 allows an authenticated admin account to upload a SVG file containing malicious javascript code into the...

6.4CVSS6AI score0.00318EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2024/10/02 9:30 p.m.18 views

GHSA-MRW8-5368-PHM3 Duplicate Advisory: Contao allows admin an account to upload SVG file containing malicious JavaScript

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vqqr-fgmh-f626. This link is maintained to preserve external references. Original Description Contao 5.4.1 allows an authenticated admin account to upload a SVG file containing malicious javascript code into the...

4.8CVSS6AI score0.00318EPSS
Exploits1References4
NVD
NVD
added 2024/10/02 8:15 p.m.20 views

CVE-2024-45965

Contao before 5.5.6 allows XSS via an SVG document. This affects in contao/core-bundle in Composer 4.x before 4.13.54, 5.0.x through 5.3.x before 5.3.30, and 5.4.x and 5.5..x before 5.5.6...

6.4CVSS0.00318EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/10/02 12:0 a.m.4 views

Contao 代码问题漏洞

Contao is an open source Content Management System CMS developed in PHP by Contao Open Source. The system supports search engines, rights management and CSS frameworks. A security vulnerability exists in Contao version 5.4.1. The vulnerability is exploited by attackers to perform cross-site...

6.4CVSS7AI score0.00318EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2024/10/02 12:0 a.m.8 views

CVE-2024-45965

Contao before 5.5.6 allows XSS via an SVG document. This affects in contao/core-bundle in Composer 4.x before 4.13.54, 5.0.x through 5.3.x before 5.3.30, and 5.4.x and 5.5..x before 5.5.6...

6.4CVSS4.8AI score0.00318EPSS
Exploits1References2
Rows per page
Query Builder