Vulnerabilities > Contao > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-16 | CVE-2018-10125 | Cross-site Scripting vulnerability in Contao Contao before 4.5.7 has XSS in the system log. | 6.1 |
| 2019-12-17 | CVE-2019-19714 | Improper Encoding or Escaping of Output vulnerability in Contao 4.8.4/4.8.5 Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. | 5.3 |
| 2019-12-17 | CVE-2019-19712 | Incorrect Default Permissions vulnerability in Contao Contao 4.0 through 4.8.5 has Insecure Permissions. | 5.3 |
| 2019-04-17 | CVE-2018-20028 | Unspecified vulnerability in Contao CMS Contao 3.x before 3.5.37, 4.4.x before 4.4.31 and 4.6.x before 4.6.11 has Incorrect Access Control. | 6.5 |
| 2017-05-26 | CVE-2015-0269 | Path Traversal vulnerability in Contao CMS Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors. | 4.3 |