13 matches found
Contao Does Not Expire Tokens Correctly
Security researcher Ali Razzaq has discovered that confirming an opt-in token does not invalidate previous opt-in tokens in Contao 4.7...
GHSA-J99G-QJVX-995G Contao Does Not Expire Tokens Correctly
Security researcher Ali Razzaq has discovered that confirming an opt-in token does not invalidate previous opt-in tokens in Contao 4.7...
CVE-2019-10643
Contao 4.7 allows Use of a Key Past its Expiration Date...
CVE-2019-10642
Contao 4.7 allows CSRF...
Code injection
Contao 4.7 allows Use of a Key Past its Expiration Date...
Cross site request forgery (csrf)
Contao 4.7 allows CSRF...
CVE-2019-10642
Contao 4.7 allows CSRF...
CVE-2019-10643
Contao 4.7 allows Use of a Key Past its Expiration Date...
CVE-2019-10642
Contao 4.7 allows CSRF...
CVE-2019-10643
Contao 4.7 allows Use of a Key Past its Expiration Date...
Invalidating opt-in tokens
Date : 2019-04-09 CVEID : CVE-2019-10643 Description Security researcher Ali Razzaq has discovered that confirming an opt-in token does not invalidate previous opt-in tokens in Contao 4.7. Affected versions Contao 4.7 up to 4.7.2 Suggested solution Update to Contao 4.7.3...
Bypassing the request token check
Date : 2019-04-09 CVE ID : CVE-2019-10642 Description Security researcher Ali Razzaq has discovered that the request token check can be bypassed in Contao 4.7 Affected versions Contao 4.7 up to 4.7.2 Suggested solution Update to Contao 4.7.3...
Cross site scripting in the system log
Date : 2018-04-18 CVE ID : CVE-2018-10125 Description With a manipulated request, an attacker can implant a script which is executed when a logged in back end user opens the system log. The attacker does not have to be logged in. Affected versions Contao 3. up to 3.5.33 Contao 4.0 Contao 4.1 Cont...