Vulnerabilities > Contao

DATE CVE VULNERABILITY TITLE RISK
2021-08-11 CVE-2021-37627 Improper Privilege Management vulnerability in Contao
Contao is an open source CMS that allows creation of websites and scalable web applications.
network
low complexity
contao CWE-269
7.2
2021-06-23 CVE-2021-35210 Cross-site Scripting vulnerability in Contao
Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS.
network
low complexity
contao CWE-79
6.1
2020-10-07 CVE-2020-25768 Injection vulnerability in Contao
Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation.
network
low complexity
contao CWE-74
5.3
2020-03-16 CVE-2018-10125 Cross-site Scripting vulnerability in Contao
Contao before 4.5.7 has XSS in the system log.
network
low complexity
contao CWE-79
6.1
2020-01-29 CVE-2012-4383 SQL Injection vulnerability in Contao
contao prior to 2.11.4 has a sql injection vulnerability
network
low complexity
contao CWE-89
8.8
2020-01-08 CVE-2014-1860 Deserialization of Untrusted Data vulnerability in Contao CMS
Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities
network
low complexity
contao CWE-502
critical
9.8
2019-12-17 CVE-2019-19745 Unrestricted Upload of File with Dangerous Type vulnerability in Contao
Contao 4.0 through 4.8.5 allows PHP local file inclusion.
network
low complexity
contao CWE-434
8.8
2019-12-17 CVE-2019-19714 Improper Encoding or Escaping of Output vulnerability in Contao 4.8.4/4.8.5
Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output.
network
low complexity
contao CWE-116
5.3
2019-12-17 CVE-2019-19712 Incorrect Default Permissions vulnerability in Contao
Contao 4.0 through 4.8.5 has Insecure Permissions.
network
low complexity
contao CWE-276
5.3
2019-07-09 CVE-2019-11512 SQL Injection vulnerability in Contao
Contao 4.x allows SQL Injection.
network
low complexity
contao CWE-89
critical
9.8