Vulnerabilities > Contao > Contao CMS > 4.7.0

DATE CVE VULNERABILITY TITLE RISK
2019-04-17 CVE-2019-10643 Key Management Errors vulnerability in Contao CMS 4.7.0
Contao 4.7 allows Use of a Key Past its Expiration Date.
network
low complexity
contao CWE-320
7.5
7.5
2019-04-17 CVE-2019-10642 Cross-Site Request Forgery (CSRF) vulnerability in Contao CMS 4.7.0
Contao 4.7 allows CSRF.
network
contao CWE-352
6.8
6.8
2019-04-17 CVE-2019-10641 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Contao CMS
Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.
network
low complexity
contao CWE-640
5.0
5.0