Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
contao contao vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2020-25768
Contao prior to 4.4.52, 4.9.x prior to 4.9.6, and 4.10.x prior to 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered.
Contao Contao
NA
CVE-2023-29200
Contao is an open source content management system. Prior to versions 4.9.40, 4.13.21, and 5.1.4, logged in users can list arbitrary system files in the file manager by manipulating the Ajax request. However, it is not possible to read the contents of these files. Users should up...
Contao Contao
NA
CVE-2023-36806
Contao is an open source content management system. Starting in version 4.0.0 and prior to versions 4.9.42, 4.13.28, and 5.1.10, it is possible for untrusted backend users to inject malicious code into headline fields in the back end, which will be executed both in the element pr...
Contao Contao
578
VMScore
CVE-2012-4383
contao before 2.11.4 has a sql injection vulnerability
Contao Contao
668
VMScore
CVE-2019-11512
Contao 4.x allows SQL Injection. Fixed in Contao 4.4.39 and Contao 4.7.5.
Contao Contao
NA
CVE-2018-5478
Contao 3.x prior to 3.5.32 allows XSS via the unsubscribe module in the frontend newsletter extension.
Contao Contao
383
VMScore
CVE-2021-35210
Contao 4.5.x up to and including 4.9.x prior to 4.9.16, and 4.10.x up to and including 4.11.x prior to 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end.
Contao Contao
312
VMScore
CVE-2021-35955
Contao >=4.0.0 allows backend XSS via HTML attributes to an HTML field. Fixed in 4.4.56, 4.9.18, 4.11.7.
Contao Contao
383
VMScore
CVE-2022-24899
Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao before 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings...
Contao Contao
668
VMScore
CVE-2017-16558
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.
Contao Contao Cms
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site request forgery
CVE-2024-34351
CVE-2024-1076
CVE-2024-25522
CVE-2024-34547
CVE-2024-4644
unauthorized
remote
CVE-2024-4671
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »