3 matches found
CVE-2025-65961
Contao CMS vulnerability CVE-2025-65961 enables cross-site scripting via template output in affected templates. Affected versions: 4.0.0–4.13.57, 5.0–before 5.3.42, and before 5.6.5. Root cause: injection of code into template output executed in both front-end and back-end browsers. Mitigation/Re...
CVE-2025-65960 Contao is vulnerable to remote code execution in template closures
Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, back end users with precise control over the contents of template closures can execute arbitrary PHP functions that do not have required parameters. This issue has been patched in versions 4.13.57...
CVE-2025-65960
The CVE-2025-65960 vulnerability affects Contao CMS prior to versions 4.13.57, 5.3.42, and 5.6.5. It exploits insufficient input handling in the Template::once() method within template closures, allowing backend users with content-control privileges to execute arbitrary PHP functions that lack re...