Contao@4.0 Security Vulnerabilities and Issues — Contao@4.0 CVE List

Lucene search

ContaoContao4.0

4 matches found

CVE•added 2020/10/07 9:15 p.m.•66 views

CVE-2020-25768

Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered.

5.3CVSS5AI score0.0031EPSS

CVE•added 2019/12/17 2:15 p.m.•59 views

CVE-2019-19712

Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them.

5.3CVSS5.1AI score0.00133EPSS

CVE•added 2019/12/17 3:15 p.m.•55 views

CVE-2019-19745

Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server.

8.8CVSS8.6AI score0.00476EPSS

CVE•added 2024/10/02 8:15 p.m.•42 views

CVE-2024-45965

Contao before 5.5.6 allows XSS via an SVG document. This affects (in contao/core-bundle in Composer) 4.x before 4.13.54, 5.0.x through 5.3.x before 5.3.30, and 5.4.x and 5.5..x before 5.5.6.

6.4CVSS5AI score0.00176EPSS