Contao Cms Security Vulnerabilities and Issues — Contao Cms CVE List

Lucene search

ContaoContao Cms

3 matches found

CVE•added 2011/11/28 11:55 a.m.•30 views

CVE-2011-4335

Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action.

4.3CVSS5.8AI score0.00793EPSS

CVE•added 2017/05/26 5:29 p.m.•30 views

CVE-2015-0269

Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors.

4.3CVSS4.2AI score0.0046EPSS

CVE•added 2011/01/20 7:0 p.m.•28 views

CVE-2011-0508

Cross-site scripting (XSS) vulnerability in system/modules/comments/Comments.php in Contao CMS 2.9.2, and possibly other versions before 2.9.3, allows remote attackers to inject arbitrary web script or HTML via the HTTP X_FORWARDED_FOR header, which is stored by system/libraries/Environment.php but...

4.3CVSS5.8AI score0.00499EPSS