Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
contao contao 4.0.0 vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2018-10125
Contao prior to 4.5.7 has XSS in the system log.
Contao Contao
Contao Contao 4.0.0
Contao Contao 4.1.0
Contao Contao 4.2.0
Contao Contao 4.3.0
578
VMScore
CVE-2021-37626
Contao is an open source CMS that allows you to create websites and scalable web applications. In affected versions it is possible to load PHP files by entering insert tags in the Contao back end. Installations are only affected if they have untrusted back end users who have the ...
Contao Contao 4.0.0
Contao Contao 4.1.0
Contao Contao 4.2.0
Contao Contao 4.3.0
Contao Contao
Contao Contao 4.5.0
Contao Contao 4.6.0
Contao Contao 4.7.0
Contao Contao 4.8.0
Contao Contao 4.10.0
578
VMScore
CVE-2021-37627
Contao is an open source CMS that allows creation of websites and scalable web applications. In affected versions it is possible to gain privileged rights in the Contao back end. Installations are only affected if they have untrusted back end users who have access to the form gen...
Contao Contao 4.0.0
Contao Contao 4.1.0
Contao Contao 4.2.0
Contao Contao 4.3.0
Contao Contao
Contao Contao 4.5.0
Contao Contao 4.6.0
Contao Contao 4.7.0
Contao Contao 4.8.0
Contao Contao 4.10.0
580
VMScore
CVE-2017-10993
Contao prior to 3.5.28 and 4.x prior to 4.4.1 allows remote malicious users to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.
Contao Contao Cms 4.3.1
Contao Contao Cms 4.3.2
Contao Contao Cms 4.3.3
Contao Contao Cms 4.3.5
Contao Contao Cms 4.2.0
Contao Contao Cms 4.1.1
Contao Contao Cms
Contao Contao Cms 4.3.10
Contao Contao Cms 4.3.11
Contao Contao Cms 4.3.0
Contao Contao Cms 4.1.0
Contao Contao Cms 4.0.1
Contao Contao Cms 4.0.2
Contao Contao Cms 4.0.3
Contao Contao Cms 4.4.0
Contao Contao Cms 4.3.6
Contao Contao Cms 4.3.8
Contao Contao Cms 4.2.2
Contao Contao Cms 4.2.4
Contao Contao Cms 4.1.3
Contao Contao Cms 4.0.4
Contao Contao Cms 4.0.0
312
VMScore
CVE-2021-35955
Contao >=4.0.0 allows backend XSS via HTML attributes to an HTML field. Fixed in 4.4.56, 4.9.18, 4.11.7.
Contao Contao
668
VMScore
CVE-2017-16558
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.
Contao Contao Cms
NA
CVE-2023-36806
Contao is an open source content management system. Starting in version 4.0.0 and prior to versions 4.9.42, 4.13.28, and 5.1.10, it is possible for untrusted backend users to inject malicious code into headline fields in the back end, which will be executed both in the element pr...
Contao Contao
NA
CVE-2024-28190
Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, users can inject malicious code in filenames when uploading files (back end and front end), which is then executed in tooltips and popups in the back end. Contao ...
NA
CVE-2024-28191
Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, it is possible to inject insert tags in frontend forms if the output is structured in a very specific way. Contao versions 4.13.40 and 5.3.4 have a patch for this...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started