Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
contao vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2022-26265
Contao Managed Edition v1.5.0 exists to contain a remote command execution (RCE) vulnerability via the component php_cli parameter.
Contao Contao 1.5.0
2 Github repositories
312
VMScore
CVE-2021-35955
Contao >=4.0.0 allows backend XSS via HTML attributes to an HTML field. Fixed in 4.4.56, 4.9.18, 4.11.7.
Contao Contao
578
VMScore
CVE-2021-37627
Contao is an open source CMS that allows creation of websites and scalable web applications. In affected versions it is possible to gain privileged rights in the Contao back end. Installations are only affected if they have untrusted back end users who have access to the form gen...
Contao Contao 4.0.0
Contao Contao 4.1.0
Contao Contao 4.2.0
Contao Contao 4.3.0
Contao Contao
Contao Contao 4.5.0
Contao Contao 4.6.0
Contao Contao 4.7.0
Contao Contao 4.8.0
Contao Contao 4.10.0
578
VMScore
CVE-2021-37626
Contao is an open source CMS that allows you to create websites and scalable web applications. In affected versions it is possible to load PHP files by entering insert tags in the Contao back end. Installations are only affected if they have untrusted back end users who have the ...
Contao Contao 4.0.0
Contao Contao 4.1.0
Contao Contao 4.2.0
Contao Contao 4.3.0
Contao Contao
Contao Contao 4.5.0
Contao Contao 4.6.0
Contao Contao 4.7.0
Contao Contao 4.8.0
Contao Contao 4.10.0
383
VMScore
CVE-2021-35210
Contao 4.5.x up to and including 4.9.x prior to 4.9.16, and 4.10.x up to and including 4.11.x prior to 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end.
Contao Contao
445
VMScore
CVE-2020-25768
Contao prior to 4.4.52, 4.9.x prior to 4.9.6, and 4.10.x prior to 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered.
Contao Contao
383
VMScore
CVE-2018-10125
Contao prior to 4.5.7 has XSS in the system log.
Contao Contao
Contao Contao 4.0.0
Contao Contao 4.1.0
Contao Contao 4.2.0
Contao Contao 4.3.0
578
VMScore
CVE-2012-4383
contao before 2.11.4 has a sql injection vulnerability
Contao Contao
668
VMScore
CVE-2014-1860
Contao CMS up to and including 3.2.4 has PHP Object Injection Vulnerabilities
Contao Contao Cms
445
VMScore
CVE-2019-19714
Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered.
Contao Contao 4.8.4
Contao Contao 4.8.5
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-3611
CVE-2024-4947
CVE-2024-32988
CVE-2020-35165
local file inclusion
CVE-2024-4980
bypass
malicious code
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »