Contao/core
This hub aggregates every CVE we track for Contao/core, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 7
- Critical: 1
- High: 2
- In CISA KEV: 0
Severity distribution
- MEDIUM: 4
- HIGH: 2
- CRITICAL: 1
Monthly trend
[Chart: monthly counts, 2024-07 to 2026-06; every plotted value is 0]
Latest CVEs
The 7 most recently published vulnerabilities affecting Contao/core.
- CVE-2018-5478 (severity score: 6.1): Contao 3.x before 3.5.32 allows XSS via the unsubscribe module in the frontend newsletter extension.
- CVE-2018-10125 (severity score: 6.1): Contao before 4.5.7 has XSS in the system log.
- CVE-2012-4383 (severity score: 8.8): Contao prior to 2.11.4 has a SQL injection vulnerability.
- CVE-2019-10641 (severity score: 9.8): Contao before 3.5.39 and 4.x before 4.7.3 has a Weak Password Recovery Mechanism for a Forgotten Password.
- CVE-2017-10993 (severity score: 8.8): Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.
- CVE-2015-0269 (severity score: 4.3): Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspe...
- CVE-2016-4567 (severity score: 6.1): Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or...
Product normalization is registry-driven with AI assist and human review.