contao

Top products

The 15 most recently published vulnerabilities affecting contao.

• CVE-2025-65961Contao is vulnerable to cross-site scripting in templates3.3Nov 25, 2025
• CVE-2025-65960Contao is vulnerable to remote code execution in template closures6.6Nov 25, 2025
• CVE-2025-57759Contao has improper privilege management for page and article fields4.3Aug 28, 2025
• CVE-2025-57758Contao has improper access control in the back end voters4.3Aug 28, 2025
• CVE-2025-57757Contao discloses information in the news module5.3Aug 28, 2025
• CVE-2025-57756Contao discloses sensitive information in the front end search index5.3Aug 28, 2025
• CVE-2025-29790Contao allows cross-site scripting through SVG uploads5.4Mar 18, 2025
• CVE-2024-45965Contao before 5.5.6 allows XSS via an SVG document. This affects (in contao/core-bundle in Composer) 4.x before 4.13.54, 5.0.x through 5.3.x before 5.3.30, and 5.4.x and 5.5..x before 5.5.6.6.4Oct 2, 2024
• CVE-2024-45604Directory traversal in the file selector widget in contao/core-bundle4.3Sep 17, 2024
• CVE-2024-45398Remote command execution through file upload in contao/core-bundle8.3Sep 17, 2024
• CVE-2024-45612Insert tag injection via canonical URL in Contao5.3Sep 17, 2024
• CVE-2024-30262Contao's remember-me tokens will not be cleared after a password change5.9Apr 9, 2024
• CVE-2024-28235Contao possible cookie sharing with external domains while checking protected pages for broken links8.3Apr 9, 2024
• CVE-2024-28234Contao has insufficient BBCode sanitizer4.3Apr 9, 2024
• CVE-2024-28191Contao may have unencoded insert tags in the frontend3.1Apr 9, 2024