10 matches found

NVD
added 2024/04/09 5:16 p.m., 9 views

CVE-2024-30262

Contao is an open source content management system. Prior to version 4.13.40, when a frontend member changes their password in the personal data or the password lost module, the corresponding remember-me tokens are not removed. If someone compromises an account and is able to get a remember-me...

CVSS 7.1, AI score 5.8, EPSS 0.00364
Exploits: 0, References: 2

CVE
added 2024/04/09 4:45 p.m., 56 views

CVE-2024-30262

Contao CVE-2024-30262: In versions prior to 4.13.40, when a frontend member changes their password (in Personal Data or Password Lost modules), associated remember-me tokens are not cleared, allowing ongoing access if a token was compromised. The issue is fixed in Contao 4.13.40. A recommended wo...

CVSS 7.1, AI score 5.7, EPSS 0.00364
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2024/04/09 4:45 p.m., 30 views

CVE-2024-30262 Contao's remember-me tokens will not be cleared after a password change

Contao is an open source content management system. Prior to version 4.13.40, when a frontend member changes their password in the personal data or the password lost module, the corresponding remember-me tokens are not removed. If someone compromises an account and is able to get a remember-me...

CVSS 5.9, AI score 6.9, EPSS 0.00364
Exploits: 0, References: 4

Cvelist
added 2024/04/09 4:45 p.m., 23 views

CVE-2024-30262 Contao's remember-me tokens will not be cleared after a password change

Contao is an open source content management system. Prior to version 4.13.40, when a frontend member changes their password in the personal data or the password lost module, the corresponding remember-me tokens are not removed. If someone compromises an account and is able to get a remember-me...

CVSS 5.9, AI score 6, EPSS 0.00364
Exploits: 0, References: 2

NVD
added 2024/04/09 2:15 p.m., 8 views

CVE-2024-28234

Contao is an open source content management system. Starting in version 2.0.0 and prior to versions 4.13.40 and 5.3.4, it is possible to inject CSS styles via BBCode in comments. Installations are only affected if BBCode is enabled. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. A...

CVSS 4.7, AI score 4.5, EPSS 0.00701
Exploits: 0, References: 4

CVE
added 2024/04/09 1:54 p.m., 66 views

CVE-2024-28191

CVE-2024-28191 (Contao) concerns the Contao CMS. The issue allows injection of insert tags in frontend forms when the submitted data is output on the page in a very specific way, due to insufficient validation in the form generator. Affected versions include Contao 4.x up to 4.13.39 and Contao 5....

CVSS 5.4, AI score 3.5, EPSS 0.00988
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2024/04/09 1:48 p.m., 12 views

CVE-2024-28190 Contao core bundle vulnerable to cross site scripting in the file manager

Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, users can inject malicious code in filenames when uploading files back end and front end, which is then executed in tooltips and popups in the back end. Contao versions 4.13.40 an...

CVSS 5.4, AI score 5.7, EPSS 0.00987
Exploits: 0, References: 4

CVE
added 2024/04/09 1:48 p.m., 62 views

CVE-2024-28190

Contao core/file management is vulnerable to Cross‑Site Scripting via filenames during file upload. In Contao 4.x and 5.x, versions prior to 4.13.40 and 5.3.4 allow attackers to inject malicious code in uploaded filenames, which is then executed in backend tooltips and popups. Affected versions i...

CVSS 5.4, AI score 5.4, EPSS 0.00987
Exploits: 0, References: 4, Affected Software: 1

CNNVD
added 2024/04/09 12:0 a.m., 2 views

Contao code issue vulnerability

Contao is an open source content management system CMS developed in PHP. The system supports search engines, rights management, and CSS frameworks. A security vulnerability exists in Contao versions prior to 4.13.40, which stems from a token not being cleared after a password change on the front...

CVSS 7.1, AI score 6.9, EPSS 0.00364
Exploits: 0, References: 3

CNNVD
added 2024/04/09 12:0 a.m., 2 views

Contao security vulnerability

Contao is an open source content management system CMS developed in PHP. The system supports search engines, rights management, and CSS frameworks. A security vulnerability exists in Contao version 4.x prior to version 4.13.40 and version 5.x prior to version 5.3.4, which stems from the ability t...

CVSS 5.4, AI score 5.4, EPSS 0.00988
Exploits: 0, References: 5