Vulnerabilities > Contao

DATE CVE VULNERABILITY TITLE RISK
2024-09-17 CVE-2024-45398 Unrestricted Upload of File with Dangerous Type vulnerability in Contao
Contao is an Open Source CMS.
network
low complexity
contao CWE-434
8.8
8.8
2024-09-17 CVE-2024-45604 Path Traversal vulnerability in Contao
Contao is an Open Source CMS.
network
low complexity
contao CWE-22
4.3
4.3
2024-09-17 CVE-2024-45612 Injection vulnerability in Contao
Contao is an Open Source CMS.
network
low complexity
contao CWE-74
5.3
5.3
2023-09-21 CVE-2018-5478 Cross-site Scripting vulnerability in Contao
Contao 3.x before 3.5.32 allows XSS via the unsubscribe module in the frontend newsletter extension.
network
low complexity
contao CWE-79
6.1
6.1
2023-07-25 CVE-2023-36806 Cross-site Scripting vulnerability in Contao
Contao is an open source content management system.
network
low complexity
contao CWE-79
5.4
5.4
2023-04-25 CVE-2023-29200 Path Traversal vulnerability in Contao
Contao is an open source content management system.
network
low complexity
contao CWE-22
6.5
6.5
2022-05-06 CVE-2022-24899 Cross-site Scripting vulnerability in Contao 4.13.0/4.13.1/4.13.2
Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications.
network
contao CWE-79
4.3
4.3
2022-03-18 CVE-2022-26265 OS Command Injection vulnerability in Contao 1.5.0
Contao Managed Edition v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the component php_cli parameter.
network
low complexity
contao CWE-78
critical
 9.8
9.8
2021-06-23 CVE-2021-35210 Cross-site Scripting vulnerability in Contao
Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS.
network
contao CWE-79
4.3
4.3
2020-10-07 CVE-2020-25768 Improper Input Validation vulnerability in Contao
Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation.
network
low complexity
contao CWE-20
5.0
5.0