contao — Vulnerabilities & Security Advisories (22)

All 22 CVE vulnerabilities found in contao, with AI-generated Chinese analysis, references, and POCs.

Vendor: contao

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-65961 | Contao is vulnerable to cross-site scripting in templates | CWE-87 | 3.3 | Low | 2025-11-25 |
| CVE-2025-65960 | Contao is vulnerable to remote code execution in template closures | CWE-351 | 6.6 | Medium | 2025-11-25 |
| CVE-2025-57759 | Contao has improper privilege management for page and article fields | CWE-269 | 4.3 | Medium | 2025-08-28 |
| CVE-2025-57758 | Contao has improper access control in the back end voters | CWE-284 | 4.3 | Medium | 2025-08-28 |
| CVE-2025-57757 | Contao discloses information in the news module | CWE-200 | 5.3 | Medium | 2025-08-28 |
| CVE-2025-57756 | Contao discloses sensitive information in the front end search index | CWE-200 | 5.3 | Medium | 2025-08-28 |
| CVE-2025-29790 | Contao allows cross-site scripting through SVG uploads | CWE-79 | 4.6 | - | 2025-03-18 |
| CVE-2024-45965 | Contao security vulnerability | CWE-434 | 6.4 | Medium | 2024-10-02 |
| CVE-2024-45604 | Directory traversal in the file selector widget in contao/core-bundle | CWE-22 | 4.3 | Medium | 2024-09-17 |
| CVE-2024-45398 | Remote command execution through file upload in contao/core-bundle | CWE-434 | 8.3 | High | 2024-09-17 |
| CVE-2024-45612 | Insert tag injection via canonical URL in Contao | CWE-20 | 5.3 | Medium | 2024-09-17 |
| CVE-2024-30262 | Contao's remember-me tokens will not be cleared after a password change | CWE-613 | 5.9 | Medium | 2024-04-09 |
| CVE-2024-28235 | Contao possible cookie sharing with external domains while checking protected pages for broken links | CWE-200 | 8.4 | High | 2024-04-09 |
| CVE-2024-28234 | Contao has insufficient BBCode sanitizer | CWE-74 | 4.3 | Medium | 2024-04-09 |
| CVE-2024-28191 | Contao may have unencoded insert tags in the frontend | CWE-74 | 3.1 | Low | 2024-04-09 |
| CVE-2024-28190 | Contao core bundle vulnerable to cross site scripting in the file manager | CWE-79 | 5.4 | Medium | 2024-04-09 |
| CVE-2023-36806 | Contao cross site scripting vulnerability via input unit widget | CWE-79 | 6.5 | Medium | 2023-07-25 |
| CVE-2023-29200 | contao/core-bundle has path traversal vulnerability in the file manager | CWE-22 | 4.3 | Medium | 2023-04-25 |
| CVE-2022-24899 | Cross site scripting via canonical tag | CWE-79 | 7.2 | High | 2022-05-05 |
| CVE-2021-37627 | Privilege escalation via form generator | CWE-269 | 8.0 | High | 2021-08-11 |
| CVE-2021-37626 | PHP file inclusion via insert tags | CWE-94 | 7.2 | High | 2021-08-11 |
| CVE-2012-4383 | contao SQL injection vulnerability | | 8.8 | - | 2020-01-29 |
