Lucene search
K

13 matches found

Github Security Blog
Github Security Blog
added 2022/05/13 1:7 a.m.22 views

Contao Does Not Expire Tokens Correctly

Security researcher Ali Razzaq has discovered that confirming an opt-in token does not invalidate previous opt-in tokens in Contao 4.7...

9.8CVSS6.8AI score0.01254EPSS
Exploits0References7Affected Software2
OSV
OSV
added 2022/05/13 1:7 a.m.15 views

GHSA-J99G-QJVX-995G Contao Does Not Expire Tokens Correctly

Security researcher Ali Razzaq has discovered that confirming an opt-in token does not invalidate previous opt-in tokens in Contao 4.7...

9.8CVSS9.4AI score0.01254EPSS
Exploits0References6
NVD
NVD
added 2019/04/17 7:29 p.m.26 views

CVE-2019-10643

Contao 4.7 allows Use of a Key Past its Expiration Date...

9.8CVSS9.5AI score0.01254EPSS
Exploits0References2
NVD
NVD
added 2019/04/17 7:29 p.m.28 views

CVE-2019-10642

Contao 4.7 allows CSRF...

8.8CVSS8.7AI score0.00499EPSS
Exploits0References2
Prion
Prion
added 2019/04/17 7:29 p.m.12 views

Code injection

Contao 4.7 allows Use of a Key Past its Expiration Date...

7.5CVSS9.5AI score0.01254EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2019/04/17 7:29 p.m.13 views

Cross site request forgery (csrf)

Contao 4.7 allows CSRF...

6.8CVSS8.7AI score0.00499EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2019/04/17 7:29 p.m.23 views

CVE-2019-10642

Contao 4.7 allows CSRF...

8.8CVSS6.9AI score0.00499EPSS
Exploits0References2
OSV
OSV
added 2019/04/17 7:29 p.m.20 views

CVE-2019-10643

Contao 4.7 allows Use of a Key Past its Expiration Date...

9.8CVSS6.9AI score0.01254EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/04/17 6:54 p.m.25 views

CVE-2019-10642

Contao 4.7 allows CSRF...

8.7AI score0.00499EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/04/17 6:50 p.m.27 views

CVE-2019-10643

Contao 4.7 allows Use of a Key Past its Expiration Date...

9.5AI score0.01254EPSS
Exploits0References2
Contao
Contao
added 2019/04/09 12:0 a.m.20 views

Invalidating opt-in tokens

Date : 2019-04-09 CVEID : CVE-2019-10643 Description Security researcher Ali Razzaq has discovered that confirming an opt-in token does not invalidate previous opt-in tokens in Contao 4.7. Affected versions Contao 4.7 up to 4.7.2 Suggested solution Update to Contao 4.7.3...

9.8CVSS9.4AI score0.01254EPSS
Exploits0Affected Software1
Contao
Contao
added 2019/04/09 12:0 a.m.65 views

Bypassing the request token check

Date : 2019-04-09 CVE ID : CVE-2019-10642 Description Security researcher Ali Razzaq has discovered that the request token check can be bypassed in Contao 4.7 Affected versions Contao 4.7 up to 4.7.2 Suggested solution Update to Contao 4.7.3...

8.8CVSS8.6AI score0.00499EPSS
Exploits0Affected Software1
Contao
Contao
added 2018/04/18 12:0 a.m.18 views

Cross site scripting in the system log

Date : 2018-04-18 CVE ID : CVE-2018-10125 Description With a manipulated request, an attacker can implant a script which is executed when a logged in back end user opens the system log. The attacker does not have to be logged in. Affected versions Contao 3. up to 3.5.33 Contao 4.0 Contao 4.1 Cont...

6.1CVSS5.9AI score0.00811EPSS
Exploits0Affected Software1
Rows per page
Query Builder