Vulnerabilities > Contao

DATE CVE VULNERABILITY TITLE RISK
2021-06-23 CVE-2021-35210 Cross-site Scripting vulnerability in Contao
Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS.
network
contao CWE-79
4.3
2020-10-07 CVE-2020-25768 Improper Input Validation vulnerability in Contao
Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation.
network
low complexity
contao CWE-20
5.0
2020-03-16 CVE-2018-10125 Cross-site Scripting vulnerability in Contao
Contao before 4.5.7 has XSS in the system log.
network
contao CWE-79
4.3
2020-01-29 CVE-2012-4383 SQL Injection vulnerability in Contao
contao prior to 2.11.4 has a sql injection vulnerability
network
low complexity
contao CWE-89
6.5
2020-01-08 CVE-2014-1860 Deserialization of Untrusted Data vulnerability in Contao CMS
Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities
network
low complexity
contao CWE-502
7.5
2019-12-17 CVE-2019-19745 Unrestricted Upload of File with Dangerous Type vulnerability in Contao
Contao 4.0 through 4.8.5 allows PHP local file inclusion.
network
low complexity
contao CWE-434
6.5
2019-12-17 CVE-2019-19714 Improper Encoding or Escaping of Output vulnerability in Contao 4.8.4/4.8.5
Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output.
network
low complexity
contao CWE-116
5.0
2019-12-17 CVE-2019-19712 Incorrect Default Permissions vulnerability in Contao
Contao 4.0 through 4.8.5 has Insecure Permissions.
network
low complexity
contao CWE-276
5.0
2019-07-09 CVE-2019-11512 SQL Injection vulnerability in Contao
Contao 4.x allows SQL Injection.
network
low complexity
contao CWE-89
7.5
2019-04-25 CVE-2017-16558 SQL Injection vulnerability in Contao CMS
Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.
network
low complexity
contao CWE-89
7.5