Vulnerabilities > Contao > Contao > 4.4.16

DATE CVE VULNERABILITY TITLE RISK
2023-07-25 CVE-2023-36806 Cross-site Scripting vulnerability in Contao
Contao is an open source content management system.
network
low complexity
contao CWE-79
5.4
5.4
2023-04-25 CVE-2023-29200 Path Traversal vulnerability in Contao
Contao is an open source content management system.
network
low complexity
contao CWE-22
6.5
6.5
2020-10-07 CVE-2020-25768 Improper Input Validation vulnerability in Contao
Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation.
network
low complexity
contao CWE-20
5.0
5.0
2020-03-16 CVE-2018-10125 Cross-site Scripting vulnerability in Contao
Contao before 4.5.7 has XSS in the system log.
network
contao CWE-79
4.3
4.3
2019-12-17 CVE-2019-19745 Unrestricted Upload of File with Dangerous Type vulnerability in Contao
Contao 4.0 through 4.8.5 allows PHP local file inclusion.
network
low complexity
contao CWE-434
6.5
6.5
2019-12-17 CVE-2019-19712 Incorrect Default Permissions vulnerability in Contao
Contao 4.0 through 4.8.5 has Insecure Permissions.
network
low complexity
contao CWE-276
5.0
5.0
2019-07-09 CVE-2019-11512 SQL Injection vulnerability in Contao
Contao 4.x allows SQL Injection.
network
low complexity
contao CWE-89
7.5
7.5