| CVE-2017-10993 | high | 8.8 | 8.8 | 9y ago | Contao Core directory traversal vulnerability |
| CVE-2025-65961 | unknown | — | — | 6mo ago | Contao is vulnerable to cross-site scripting in templates |
| CVE-2025-65960 | unknown | — | — | 6mo ago | Contao is vulnerable to remote code execution in template closures |
| CVE-2025-57759 | unknown | — | — | 9mo ago | Contao does not properly manage privileges for page and article fields |
| CVE-2025-57757 | unknown | — | — | 9mo ago | Contao can disclose sensitive information in the news module |
| CVE-2025-57756 | unknown | — | — | 9mo ago | Contao discloses sensitive information in the front end search index |
| CVE-2025-57758 | unknown | — | — | 9mo ago | Contao applies improper access control in the back end voters |
| CVE-2025-29790 | unknown | — | — | 1y ago | Contao Vulnerable to Cross-Site Scripting (XSS) through SVG uploads |
| CVE-2024-45612 | unknown | — | — | 2y ago | Contao affected by insert tag injection via canonical URL |
| CVE-2024-45604 | unknown | — | — | 2y ago | Contao affected by directory traversal in the file selector widget |
| CVE-2024-45398 | unknown | — | — | 2y ago | Contao affected by remote command execution through file upload |
| CVE-2024-28191 | unknown | — | — | 2y ago | Contao: Unencoded insert tags in the frontend |
| CVE-2024-28190 | unknown | — | — | 2y ago | Contao: Cross site scripting in the file manager |
| CVE-2024-30262 | unknown | — | — | 2y ago | Contao: Remember-me tokens will not be cleared after a password change |
| CVE-2024-28235 | unknown | — | — | 2y ago | Contao: Possible cookie sharing with external domains while checking protected pages for broken links |
| CVE-2023-36806 | unknown | — | — | 3y ago | Cross site scripting via input unit widget |
| CVE-2019-11512 | unknown | — | — | 4y ago | Contao SQL injection in the file manager |
| CVE-2017-16558 | unknown | — | — | 4y ago | Contao SQL injection in the backend and listing module |
| CVE-2022-24899 | unknown | — | — | 4y ago | Cross site scripting via canonical tag in Contao |
| CVE-2019-10642 | unknown | — | — | 4y ago | Contao CSRF Token Bypass |
| CVE-2019-10641 | unknown | — | — | 4y ago | Contao Does Not Invalidate Existing Sessions When Password Changes |
| CVE-2019-10643 | unknown | — | — | 4y ago | Contao Does Not Expire Tokens Correctly |
| CVE-2018-10125 | unknown | — | — | 4y ago | Cross-site Scripting in Contao |
| CVE-2021-35955 | unknown | — | — | 5y ago | Cross site scripting via HTML attributes in the back end |
| CVE-2021-37627 | unknown | — | — | 5y ago | Privilege escalation via form generator |
| CVE-2021-37626 | unknown | — | — | 5y ago | PHP file inclusion via insert tags |
| CVE-2021-35210 | unknown | — | — | 5y ago | Cross site scripting in the system log |
| CVE-2020-25768 | unknown | — | — | 6y ago | Contao Insert tag injection in forms |
| CVE-2019-19714 | unknown | — | — | 7y ago | Insert tag injection in the Contao login module |
| CVE-2019-19712 | unknown | — | — | 7y ago | Information disclosure in the Contao backend |
| CVE-2019-19745 | unknown | — | — | 7y ago | Unrestricted file uploads in Contao |