Vulnerabilities > Contao

DATE CVE VULNERABILITY TITLE RISK
2022-05-06 CVE-2022-24899 Cross-site Scripting vulnerability in Contao 4.13.0/4.13.1/4.13.2
Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications.
network
contao CWE-79
4.3
2022-05-05 CVE-2022-1588 Cross-site Scripting vulnerability in Contao
Cross-site Scripting (XSS) in GitHub repository contao/contao prior to 4.13.3.
network
contao CWE-79
4.3
2022-03-18 CVE-2022-26265 Command Injection vulnerability in Contao 1.5.0
Contao Managed Edition v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the component php_cli parameter.
network
low complexity
contao CWE-77
7.5
2021-06-23 CVE-2021-35210 Cross-site Scripting vulnerability in Contao
Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS.
network
contao CWE-79
4.3
2020-10-07 CVE-2020-25768 Improper Input Validation vulnerability in Contao
Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation.
network
low complexity
contao CWE-20
5.0
2020-03-16 CVE-2018-10125 Cross-site Scripting vulnerability in Contao
Contao before 4.5.7 has XSS in the system log.
network
contao CWE-79
4.3
2020-01-29 CVE-2012-4383 SQL Injection vulnerability in Contao
contao prior to 2.11.4 has a sql injection vulnerability
network
low complexity
contao CWE-89
6.5
2020-01-08 CVE-2014-1860 Deserialization of Untrusted Data vulnerability in Contao CMS
Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities
network
low complexity
contao CWE-502
7.5
2019-12-17 CVE-2019-19745 Unrestricted Upload of File with Dangerous Type vulnerability in Contao
Contao 4.0 through 4.8.5 allows PHP local file inclusion.
network
low complexity
contao CWE-434
6.5
2019-12-17 CVE-2019-19714 Improper Encoding or Escaping of Output vulnerability in Contao 4.8.4/4.8.5
Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output.
network
low complexity
contao CWE-116
5.0