Search criteria
96 vulnerabilities found for contao by contao
FKIE_CVE-2025-65961
Vulnerability from fkie_nvd - Published: 2025-11-25 19:15 - Updated: 2025-12-03 18:20
Severity ?
3.3 (Low) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, it is possible to inject code into the template output that will be executed in the browser in the front end and back end. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A workaround for this issue involves not using the affected templates or patch them manually.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"matchCriteriaId": "476CF4CA-7225-4CE2-B400-9D69AFB9C609",
"versionEndExcluding": "4.13.57",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13024496-5AD3-4439-983D-5D29485E9A26",
"versionEndExcluding": "5.3.42",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"matchCriteriaId": "839D1FF5-F939-4BE8-B0E6-182DBF9A1A5B",
"versionEndExcluding": "5.6.5",
"versionStartIncluding": "5.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, it is possible to inject code into the template output that will be executed in the browser in the front end and back end. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A workaround for this issue involves not using the affected templates or patch them manually."
}
],
"id": "CVE-2025-65961",
"lastModified": "2025-12-03T18:20:37.613",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-11-25T19:15:51.387",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/security-advisories/cross-site-scripting-in-templates"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/contao/contao/security/advisories/GHSA-68q5-78xp-cwwc"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-87"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-65960
Vulnerability from fkie_nvd - Published: 2025-11-25 19:15 - Updated: 2025-12-03 17:55
Severity ?
Summary
Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, back end users with precise control over the contents of template closures can execute arbitrary PHP functions that do not have required parameters. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A workaround for this issue involves manually patching the Contao\Template::once() method.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"matchCriteriaId": "476CF4CA-7225-4CE2-B400-9D69AFB9C609",
"versionEndExcluding": "4.13.57",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13024496-5AD3-4439-983D-5D29485E9A26",
"versionEndExcluding": "5.3.42",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"matchCriteriaId": "839D1FF5-F939-4BE8-B0E6-182DBF9A1A5B",
"versionEndExcluding": "5.6.5",
"versionStartIncluding": "5.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, back end users with precise control over the contents of template closures can execute arbitrary PHP functions that do not have required parameters. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A workaround for this issue involves manually patching the Contao\\Template::once() method."
}
],
"id": "CVE-2025-65960",
"lastModified": "2025-12-03T17:55:34.283",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-11-25T19:15:51.203",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/security-advisories/remote-code-execution-in-template-closures"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/contao/contao/security/advisories/GHSA-98vj-mm79-v77r"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-351"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-57758
Vulnerability from fkie_nvd - Published: 2025-08-28 17:15 - Updated: 2025-09-02 17:37
Severity ?
Summary
Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, the table access voter in the back end doesn't check if a user is allowed to access the corresponding module. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not relying solely on the voter and additionally to check USER_CAN_ACCESS_MODULE.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33F26EC5-04D5-48B8-9633-63E661CE2103",
"versionEndExcluding": "5.3.38",
"versionStartIncluding": "5.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC84DCCC-B7C2-43DB-AFFA-F3464B640F78",
"versionEndExcluding": "5.6.1",
"versionStartIncluding": "5.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, the table access voter in the back end doesn\u0027t check if a user is allowed to access the corresponding module. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not relying solely on the voter and additionally to check USER_CAN_ACCESS_MODULE."
}
],
"id": "CVE-2025-57758",
"lastModified": "2025-09-02T17:37:58.027",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-08-28T17:15:36.420",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/security-advisories/improper-access-control-in-the-back-end-voters"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/contao/contao/commit/3f05c603e1c94d34819f837f060df5d66447d0d7"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/contao/contao/security/advisories/GHSA-7m47-r75r-cx8v"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-57756
Vulnerability from fkie_nvd - Published: 2025-08-28 17:15 - Updated: 2025-09-02 17:39
Severity ?
Summary
Contao is an Open Source CMS. In versions starting from 4.9.14 and prior to 4.13.56, 5.3.38, and 5.6.1, protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. This issue has been patched in versions 4.13.56, 5.3.38, and 5.6.1. A workaround involves disabling the front end search.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEA37692-4A35-4C0E-95C5-ABE4B9142441",
"versionEndIncluding": "4.9.14",
"versionStartIncluding": "4.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82752B8E-B939-4ADA-A7E5-595890EBA810",
"versionEndExcluding": "4.13.56",
"versionStartIncluding": "4.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD3F6788-0473-4C0E-8602-2B66A518B9D5",
"versionEndExcluding": "5.3.38",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC84DCCC-B7C2-43DB-AFFA-F3464B640F78",
"versionEndExcluding": "5.6.1",
"versionStartIncluding": "5.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Contao is an Open Source CMS. In versions starting from 4.9.14 and prior to 4.13.56, 5.3.38, and 5.6.1, protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. This issue has been patched in versions 4.13.56, 5.3.38, and 5.6.1. A workaround involves disabling the front end search."
}
],
"id": "CVE-2025-57756",
"lastModified": "2025-09-02T17:39:29.950",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-08-28T17:15:36.023",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/security-advisories/information-disclosure-in-the-front-end-search-index"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/contao/contao/commit/a03976c459b6f3985a28f6488b82a76ffb6c0514"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/contao/contao/security/advisories/GHSA-2xmj-8wmq-7475"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-612"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-57759
Vulnerability from fkie_nvd - Published: 2025-08-28 17:15 - Updated: 2025-09-02 17:36
Severity ?
Summary
Contao is an Open Source CMS. In versions starting from 5.3.0 and prior to 5.3.38 and 5.6.1, under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. This issue has been patched in versions 5.3.38 and 5.6.1. There are no workarounds.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33F26EC5-04D5-48B8-9633-63E661CE2103",
"versionEndExcluding": "5.3.38",
"versionStartIncluding": "5.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC84DCCC-B7C2-43DB-AFFA-F3464B640F78",
"versionEndExcluding": "5.6.1",
"versionStartIncluding": "5.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Contao is an Open Source CMS. In versions starting from 5.3.0 and prior to 5.3.38 and 5.6.1, under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. This issue has been patched in versions 5.3.38 and 5.6.1. There are no workarounds."
}
],
"id": "CVE-2025-57759",
"lastModified": "2025-09-02T17:36:12.837",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-08-28T17:15:36.597",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/security-advisories/improper-privilege-management-for-page-and-article-fields"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/contao/contao/commit/80ee7db12d55ad979d9b1b180f273d4e2668851f"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/contao/contao/security/advisories/GHSA-qqfq-7cpp-hcqj"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-57757
Vulnerability from fkie_nvd - Published: 2025-08-28 17:15 - Updated: 2025-09-02 17:38
Severity ?
Summary
Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not adding protected news archives to the news feed page.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33F26EC5-04D5-48B8-9633-63E661CE2103",
"versionEndExcluding": "5.3.38",
"versionStartIncluding": "5.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC84DCCC-B7C2-43DB-AFFA-F3464B640F78",
"versionEndExcluding": "5.6.1",
"versionStartIncluding": "5.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not adding protected news archives to the news feed page."
}
],
"id": "CVE-2025-57757",
"lastModified": "2025-09-02T17:38:34.263",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-08-28T17:15:36.220",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/security-advisories/information-disclosure-in-the-news-module"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/contao/contao/commit/e75f46b11974fbf7a4652e65c19ad6ca84c59271"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/contao/contao/security/advisories/GHSA-w53m-gxvg-vx7p"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-212"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-29790
Vulnerability from fkie_nvd - Published: 2025-03-18 19:15 - Updated: 2025-11-04 18:22
Severity ?
Summary
Contao is an Open Source CMS. Users can upload SVG files with malicious code, which is then executed in the back end and/or front end. This vulnerability is fixed in Contao 4.13.54, 5.3.30, or 5.5.6.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FAB09314-91FB-4587-B242-32C32B902250",
"versionEndExcluding": "4.13.53",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DC1431E-AC3C-4A63-B1F1-9AEB22608F7F",
"versionEndExcluding": "5.3.30",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C5E0EF8-382F-4886-9DD0-7A15704CB0BA",
"versionEndExcluding": "5.5.6",
"versionStartIncluding": "5.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Contao is an Open Source CMS. Users can upload SVG files with malicious code, which is then executed in the back end and/or front end. This vulnerability is fixed in Contao 4.13.54, 5.3.30, or 5.5.6."
},
{
"lang": "es",
"value": "Contao es un CMS de c\u00f3digo abierto. Los usuarios pueden subir archivos SVG con c\u00f3digo malicioso, que se ejecuta en el backend o frontend. Esta vulnerabilidad est\u00e1 corregida en Contao 4.13.54, 5.3.30 o 5.5.6."
}
],
"id": "CVE-2025-29790",
"lastModified": "2025-11-04T18:22:48.273",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-03-18T19:15:50.813",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/security-advisories/cross-site-scripting-through-svg-uploads"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/contao/contao/security/advisories/GHSA-vqqr-fgmh-f626"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-45965
Vulnerability from fkie_nvd - Published: 2024-10-02 20:15 - Updated: 2025-11-13 14:50
Severity ?
6.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Contao before 5.5.6 allows XSS via an SVG document. This affects (in contao/core-bundle in Composer) 4.x before 4.13.54, 5.0.x through 5.3.x before 5.3.30, and 5.4.x and 5.5..x before 5.5.6.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://contao.org/en/security-advisories/cross-site-scripting-through-svg-uploads | Vendor Advisory | |
| cve@mitre.org | https://grimthereaperteam.medium.com/contao-5-4-1-malicious-file-upload-xss-in-svg-30edb8820ecb | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B78795-5DC9-4D54-846D-B295A85D3FEE",
"versionEndExcluding": "4.13.54",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DC1431E-AC3C-4A63-B1F1-9AEB22608F7F",
"versionEndExcluding": "5.3.30",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C5E0EF8-382F-4886-9DD0-7A15704CB0BA",
"versionEndExcluding": "5.5.6",
"versionStartIncluding": "5.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Contao before 5.5.6 allows XSS via an SVG document. This affects (in contao/core-bundle in Composer) 4.x before 4.13.54, 5.0.x through 5.3.x before 5.3.30, and 5.4.x and 5.5..x before 5.5.6."
},
{
"lang": "es",
"value": "Contao 5.4.1 permite que una cuenta de administrador autenticada cargue un archivo SVG que contenga c\u00f3digo JavaScript malicioso en el sistema de destino. Si se accede al archivo a trav\u00e9s del sitio web, podr\u00eda provocar un ataque de Cross-Site Scripting (XSS) o ejecutar c\u00f3digo arbitrario a trav\u00e9s de un c\u00f3digo JavaScript manipulado espec\u00edficamente para el objetivo."
}
],
"id": "CVE-2024-45965",
"lastModified": "2025-11-13T14:50:19.490",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-02T20:15:11.320",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/security-advisories/cross-site-scripting-through-svg-uploads"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://grimthereaperteam.medium.com/contao-5-4-1-malicious-file-upload-xss-in-svg-30edb8820ecb"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "cve@mitre.org",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-45604
Vulnerability from fkie_nvd - Published: 2024-09-17 20:15 - Updated: 2024-09-25 19:22
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13.49. There are no known workarounds for this vulnerability.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E47DC0CF-1FA6-4AAC-88A6-A9616D017E2E",
"versionEndExcluding": "4.13.49",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13.49. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Contao es un CMS de c\u00f3digo abierto. En las versiones afectadas, los usuarios autenticados en el back-end pueden incluir archivos fuera de la ra\u00edz del documento en el widget selector de archivos. Se recomienda a los usuarios que actualicen a Contao 4.13.49. No existen workarounds para esta vulnerabilidad."
}
],
"id": "CVE-2024-45604",
"lastModified": "2024-09-25T19:22:09.533",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-17T20:15:04.893",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/security-advisories/directory-traversal-in-the-fileselector-widget"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/contao/contao/security/advisories/GHSA-4p75-5p53-65m9"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-45398
Vulnerability from fkie_nvd - Published: 2024-09-17 20:15 - Updated: 2024-09-25 19:20
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Contao is an Open Source CMS. In affected versions a back end user with access to the file manager can upload malicious files and execute them on the server. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to update are advised to configure their web server so it does not execute PHP files and other scripts in the Contao file upload directory.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4C5DCC-94CE-4732-8B71-0CB60FFF3B31",
"versionEndExcluding": "4.13.49",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44942DC5-6564-4F2B-9C2F-EA446C70E05F",
"versionEndExcluding": "5.3.15",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB66A97A-A8FA-4D3A-8E93-6692772217AC",
"versionEndExcluding": "5.4.3",
"versionStartIncluding": "5.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Contao is an Open Source CMS. In affected versions a back end user with access to the file manager can upload malicious files and execute them on the server. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to update are advised to configure their web server so it does not execute PHP files and other scripts in the Contao file upload directory."
},
{
"lang": "es",
"value": "Contao es un CMS de c\u00f3digo abierto. En las versiones afectadas, un usuario de back-end con acceso al administrador de archivos puede cargar archivos maliciosos y ejecutarlos en el servidor. Se recomienda a los usuarios que actualicen a Contao 4.13.49, 5.3.15 o 5.4.3. A los usuarios que no puedan actualizar se les recomienda que configuren su servidor web para que no ejecute archivos PHP y otros scripts en el directorio de carga de archivos de Contao."
}
],
"id": "CVE-2024-45398",
"lastModified": "2024-09-25T19:20:52.527",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-17T20:15:04.670",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://contao.org/en/security-advisories/remote-command-execution-through-file-uploads"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/contao/contao/security/advisories/GHSA-vm6r-j788-hjh5"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
CVE-2025-65961 (GCVE-0-2025-65961)
Vulnerability from cvelistv5 – Published: 2025-11-25 19:06 – Updated: 2025-11-25 19:29
VLAI?
Title
Contao is vulnerable to cross-site scripting in templates
Summary
Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, it is possible to inject code into the template output that will be executed in the browser in the front end and back end. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A workaround for this issue involves not using the affected templates or patch them manually.
Severity ?
CWE
- CWE-87 - Improper Neutralization of Alternate XSS Syntax
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65961",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-25T19:28:53.256704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T19:29:04.630Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "contao",
"vendor": "contao",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.13.57"
},
{
"status": "affected",
"version": "\u003e= 5.0.0-RC1, \u003c 5.3.42"
},
{
"status": "affected",
"version": "\u003e= 5.4.0-RC1, \u003c 5.6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, it is possible to inject code into the template output that will be executed in the browser in the front end and back end. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A workaround for this issue involves not using the affected templates or patch them manually."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-87",
"description": "CWE-87: Improper Neutralization of Alternate XSS Syntax",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T19:06:37.395Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/contao/contao/security/advisories/GHSA-68q5-78xp-cwwc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/contao/contao/security/advisories/GHSA-68q5-78xp-cwwc"
},
{
"name": "https://contao.org/en/security-advisories/cross-site-scripting-in-templates",
"tags": [
"x_refsource_MISC"
],
"url": "https://contao.org/en/security-advisories/cross-site-scripting-in-templates"
}
],
"source": {
"advisory": "GHSA-68q5-78xp-cwwc",
"discovery": "UNKNOWN"
},
"title": "Contao is vulnerable to cross-site scripting in templates"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-65961",
"datePublished": "2025-11-25T19:06:37.395Z",
"dateReserved": "2025-11-18T16:14:56.694Z",
"dateUpdated": "2025-11-25T19:29:04.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65960 (GCVE-0-2025-65960)
Vulnerability from cvelistv5 – Published: 2025-11-25 18:54 – Updated: 2025-11-25 20:00
VLAI?
Title
Contao is vulnerable to remote code execution in template closures
Summary
Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, back end users with precise control over the contents of template closures can execute arbitrary PHP functions that do not have required parameters. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A workaround for this issue involves manually patching the Contao\Template::once() method.
Severity ?
6.6 (Medium)
CWE
- CWE-351 - Insufficient Type Distinction
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65960",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-25T19:59:53.302405Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T20:00:14.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "contao",
"vendor": "contao",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.13.57"
},
{
"status": "affected",
"version": "\u003e= 5.0.0-RC1, \u003c 5.3.42"
},
{
"status": "affected",
"version": "\u003e= 5.4.0-RC1, \u003c 5.6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, back end users with precise control over the contents of template closures can execute arbitrary PHP functions that do not have required parameters. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A workaround for this issue involves manually patching the Contao\\Template::once() method."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-351",
"description": "CWE-351: Insufficient Type Distinction",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T18:54:48.897Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/contao/contao/security/advisories/GHSA-98vj-mm79-v77r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/contao/contao/security/advisories/GHSA-98vj-mm79-v77r"
},
{
"name": "https://contao.org/en/security-advisories/remote-code-execution-in-template-closures",
"tags": [
"x_refsource_MISC"
],
"url": "https://contao.org/en/security-advisories/remote-code-execution-in-template-closures"
}
],
"source": {
"advisory": "GHSA-98vj-mm79-v77r",
"discovery": "UNKNOWN"
},
"title": "Contao is vulnerable to remote code execution in template closures"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-65960",
"datePublished": "2025-11-25T18:54:48.897Z",
"dateReserved": "2025-11-18T16:14:56.694Z",
"dateUpdated": "2025-11-25T20:00:14.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-57759 (GCVE-0-2025-57759)
Vulnerability from cvelistv5 – Published: 2025-08-28 16:32 – Updated: 2025-08-28 17:16
VLAI?
Title
Contao has improper privilege management for page and article fields
Summary
Contao is an Open Source CMS. In versions starting from 5.3.0 and prior to 5.3.38 and 5.6.1, under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. This issue has been patched in versions 5.3.38 and 5.6.1. There are no workarounds.
Severity ?
4.3 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-57759",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T17:16:51.325478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T17:16:55.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "contao",
"vendor": "contao",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.3.0, \u003c 5.3.38"
},
{
"status": "affected",
"version": "\u003e= 5.4.0-RC1, \u003c 5.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Contao is an Open Source CMS. In versions starting from 5.3.0 and prior to 5.3.38 and 5.6.1, under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. This issue has been patched in versions 5.3.38 and 5.6.1. There are no workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T16:32:59.022Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/contao/contao/security/advisories/GHSA-qqfq-7cpp-hcqj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/contao/contao/security/advisories/GHSA-qqfq-7cpp-hcqj"
},
{
"name": "https://github.com/contao/contao/commit/80ee7db12d55ad979d9b1b180f273d4e2668851f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/contao/contao/commit/80ee7db12d55ad979d9b1b180f273d4e2668851f"
},
{
"name": "https://contao.org/en/security-advisories/improper-privilege-management-for-page-and-article-fields",
"tags": [
"x_refsource_MISC"
],
"url": "https://contao.org/en/security-advisories/improper-privilege-management-for-page-and-article-fields"
}
],
"source": {
"advisory": "GHSA-qqfq-7cpp-hcqj",
"discovery": "UNKNOWN"
},
"title": "Contao has improper privilege management for page and article fields"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-57759",
"datePublished": "2025-08-28T16:32:59.022Z",
"dateReserved": "2025-08-19T15:16:22.916Z",
"dateUpdated": "2025-08-28T17:16:55.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-57758 (GCVE-0-2025-57758)
Vulnerability from cvelistv5 – Published: 2025-08-28 16:32 – Updated: 2025-08-28 17:20
VLAI?
Title
Contao has improper access control in the back end voters
Summary
Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, the table access voter in the back end doesn't check if a user is allowed to access the corresponding module. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not relying solely on the voter and additionally to check USER_CAN_ACCESS_MODULE.
Severity ?
4.3 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-57758",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T17:19:56.119408Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T17:20:01.087Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "contao",
"vendor": "contao",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.3.38"
},
{
"status": "affected",
"version": "\u003e= 5.4.0-RC1, \u003c 5.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, the table access voter in the back end doesn\u0027t check if a user is allowed to access the corresponding module. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not relying solely on the voter and additionally to check USER_CAN_ACCESS_MODULE."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T16:32:38.664Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/contao/contao/security/advisories/GHSA-7m47-r75r-cx8v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/contao/contao/security/advisories/GHSA-7m47-r75r-cx8v"
},
{
"name": "https://github.com/contao/contao/commit/3f05c603e1c94d34819f837f060df5d66447d0d7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/contao/contao/commit/3f05c603e1c94d34819f837f060df5d66447d0d7"
},
{
"name": "https://contao.org/en/security-advisories/improper-access-control-in-the-back-end-voters",
"tags": [
"x_refsource_MISC"
],
"url": "https://contao.org/en/security-advisories/improper-access-control-in-the-back-end-voters"
}
],
"source": {
"advisory": "GHSA-7m47-r75r-cx8v",
"discovery": "UNKNOWN"
},
"title": "Contao has improper access control in the back end voters"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-57758",
"datePublished": "2025-08-28T16:32:38.664Z",
"dateReserved": "2025-08-19T15:16:22.916Z",
"dateUpdated": "2025-08-28T17:20:01.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-57757 (GCVE-0-2025-57757)
Vulnerability from cvelistv5 – Published: 2025-08-28 16:32 – Updated: 2025-08-28 17:48
VLAI?
Title
Contao discloses information in the news module
Summary
Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not adding protected news archives to the news feed page.
Severity ?
5.3 (Medium)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-57757",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T17:45:40.665521Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T17:48:36.124Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "contao",
"vendor": "contao",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.0.0-RC1, \u003c 5.3.38"
},
{
"status": "affected",
"version": "\u003e= 5.4.0-RC1, \u003c 5.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not adding protected news archives to the news feed page."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-212",
"description": "CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T16:32:03.487Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/contao/contao/security/advisories/GHSA-w53m-gxvg-vx7p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/contao/contao/security/advisories/GHSA-w53m-gxvg-vx7p"
},
{
"name": "https://github.com/contao/contao/commit/e75f46b11974fbf7a4652e65c19ad6ca84c59271",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/contao/contao/commit/e75f46b11974fbf7a4652e65c19ad6ca84c59271"
},
{
"name": "https://contao.org/en/security-advisories/information-disclosure-in-the-news-module",
"tags": [
"x_refsource_MISC"
],
"url": "https://contao.org/en/security-advisories/information-disclosure-in-the-news-module"
}
],
"source": {
"advisory": "GHSA-w53m-gxvg-vx7p",
"discovery": "UNKNOWN"
},
"title": "Contao discloses information in the news module"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-57757",
"datePublished": "2025-08-28T16:32:03.487Z",
"dateReserved": "2025-08-19T15:16:22.916Z",
"dateUpdated": "2025-08-28T17:48:36.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-57756 (GCVE-0-2025-57756)
Vulnerability from cvelistv5 – Published: 2025-08-28 16:31 – Updated: 2025-08-28 17:49
VLAI?
Title
Contao discloses sensitive information in the front end search index
Summary
Contao is an Open Source CMS. In versions starting from 4.9.14 and prior to 4.13.56, 5.3.38, and 5.6.1, protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. This issue has been patched in versions 4.13.56, 5.3.38, and 5.6.1. A workaround involves disabling the front end search.
Severity ?
5.3 (Medium)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-57756",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T17:49:20.516549Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T17:49:26.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "contao",
"vendor": "contao",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.9.14, \u003c 4.13.56"
},
{
"status": "affected",
"version": "\u003e= 5.0.0-RC1, \u003c 5.3.38"
},
{
"status": "affected",
"version": "\u003e= 5.4.0-RC1, \u003c 5.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Contao is an Open Source CMS. In versions starting from 4.9.14 and prior to 4.13.56, 5.3.38, and 5.6.1, protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. This issue has been patched in versions 4.13.56, 5.3.38, and 5.6.1. A workaround involves disabling the front end search."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-612",
"description": "CWE-612: Improper Authorization of Index Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T16:31:40.295Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/contao/contao/security/advisories/GHSA-2xmj-8wmq-7475",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/contao/contao/security/advisories/GHSA-2xmj-8wmq-7475"
},
{
"name": "https://github.com/contao/contao/commit/a03976c459b6f3985a28f6488b82a76ffb6c0514",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/contao/contao/commit/a03976c459b6f3985a28f6488b82a76ffb6c0514"
},
{
"name": "https://contao.org/en/security-advisories/information-disclosure-in-the-front-end-search-index",
"tags": [
"x_refsource_MISC"
],
"url": "https://contao.org/en/security-advisories/information-disclosure-in-the-front-end-search-index"
}
],
"source": {
"advisory": "GHSA-2xmj-8wmq-7475",
"discovery": "UNKNOWN"
},
"title": "Contao discloses sensitive information in the front end search index"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-57756",
"datePublished": "2025-08-28T16:31:40.295Z",
"dateReserved": "2025-08-19T15:16:22.916Z",
"dateUpdated": "2025-08-28T17:49:26.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-29790 (GCVE-0-2025-29790)
Vulnerability from cvelistv5 – Published: 2025-03-18 18:36 – Updated: 2025-03-18 18:48
VLAI?
Title
Contao allows cross-site scripting through SVG uploads
Summary
Contao is an Open Source CMS. Users can upload SVG files with malicious code, which is then executed in the back end and/or front end. This vulnerability is fixed in Contao 4.13.54, 5.3.30, or 5.5.6.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-29790",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T18:48:29.028406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T18:48:39.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "contao",
"vendor": "contao",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.13.54"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.3.30"
},
{
"status": "affected",
"version": "\u003e= 5.4.0, \u003c 5.5.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Contao is an Open Source CMS. Users can upload SVG files with malicious code, which is then executed in the back end and/or front end. This vulnerability is fixed in Contao 4.13.54, 5.3.30, or 5.5.6."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T18:36:34.279Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/contao/contao/security/advisories/GHSA-vqqr-fgmh-f626",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/contao/contao/security/advisories/GHSA-vqqr-fgmh-f626"
},
{
"name": "https://contao.org/en/security-advisories/cross-site-scripting-through-svg-uploads",
"tags": [
"x_refsource_MISC"
],
"url": "https://contao.org/en/security-advisories/cross-site-scripting-through-svg-uploads"
}
],
"source": {
"advisory": "GHSA-vqqr-fgmh-f626",
"discovery": "UNKNOWN"
},
"title": "Contao allows cross-site scripting through SVG uploads"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-29790",
"datePublished": "2025-03-18T18:36:34.279Z",
"dateReserved": "2025-03-11T14:23:00.476Z",
"dateUpdated": "2025-03-18T18:48:39.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45965 (GCVE-0-2024-45965)
Vulnerability from cvelistv5 – Published: 2024-10-02 00:00 – Updated: 2025-08-27 21:27
VLAI?
Summary
Contao before 5.5.6 allows XSS via an SVG document. This affects (in contao/core-bundle in Composer) 4.x before 4.13.54, 5.0.x through 5.3.x before 5.3.30, and 5.4.x and 5.5..x before 5.5.6.
Severity ?
6.4 (Medium)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:contao:contao:5.4.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "contao",
"vendor": "contao",
"versions": [
{
"status": "affected",
"version": "5.4.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45965",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T20:29:10.374330Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T21:27:09.128Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Contao",
"vendor": "Contao",
"versions": [
{
"lessThan": "4.13.54",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThan": "5.3.30",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
},
{
"lessThan": "5.5.6",
"status": "affected",
"version": "5.4.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.13.54",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.3.30",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.5.6",
"versionStartIncluding": "5.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Contao before 5.5.6 allows XSS via an SVG document. This affects (in contao/core-bundle in Composer) 4.x before 4.13.54, 5.0.x through 5.3.x before 5.3.30, and 5.4.x and 5.5..x before 5.5.6."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T19:04:03.032Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://grimthereaperteam.medium.com/contao-5-4-1-malicious-file-upload-xss-in-svg-30edb8820ecb"
},
{
"url": "https://contao.org/en/security-advisories/cross-site-scripting-through-svg-uploads"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-45965",
"datePublished": "2024-10-02T00:00:00.000Z",
"dateReserved": "2024-09-11T00:00:00.000Z",
"dateUpdated": "2025-08-27T21:27:09.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45604 (GCVE-0-2024-45604)
Vulnerability from cvelistv5 – Published: 2024-09-17 19:56 – Updated: 2024-09-18 13:09
VLAI?
Title
Directory traversal in the file selector widget in contao/core-bundle
Summary
Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13.49. There are no known workarounds for this vulnerability.
Severity ?
4.3 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45604",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T13:09:34.002818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T13:09:48.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "contao",
"vendor": "contao",
"versions": [
{
"status": "affected",
"version": "\u003c 4.13.49"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13.49. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:56:02.588Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/contao/contao/security/advisories/GHSA-4p75-5p53-65m9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/contao/contao/security/advisories/GHSA-4p75-5p53-65m9"
},
{
"name": "https://contao.org/en/security-advisories/directory-traversal-in-the-fileselector-widget",
"tags": [
"x_refsource_MISC"
],
"url": "https://contao.org/en/security-advisories/directory-traversal-in-the-fileselector-widget"
}
],
"source": {
"advisory": "GHSA-4p75-5p53-65m9",
"discovery": "UNKNOWN"
},
"title": "Directory traversal in the file selector widget in contao/core-bundle"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45604",
"datePublished": "2024-09-17T19:56:02.588Z",
"dateReserved": "2024-09-02T16:00:02.424Z",
"dateUpdated": "2024-09-18T13:09:48.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45398 (GCVE-0-2024-45398)
Vulnerability from cvelistv5 – Published: 2024-09-17 19:56 – Updated: 2024-09-18 13:17
VLAI?
Title
Remote command execution through file upload in contao/core-bundle
Summary
Contao is an Open Source CMS. In affected versions a back end user with access to the file manager can upload malicious files and execute them on the server. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to update are advised to configure their web server so it does not execute PHP files and other scripts in the Contao file upload directory.
Severity ?
8.3 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:contao:contao:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "contao",
"vendor": "contao",
"versions": [
{
"lessThanOrEqual": "4.13.49",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.3.15",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.3",
"status": "affected",
"version": "5.4.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45398",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T13:14:03.501932Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T13:17:36.013Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "contao",
"vendor": "contao",
"versions": [
{
"status": "affected",
"version": "\u003e=4.0.0, \u003c 4.13.49"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.3.15"
},
{
"status": "affected",
"version": "\u003e= 5.4.0, \u003c 5.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Contao is an Open Source CMS. In affected versions a back end user with access to the file manager can upload malicious files and execute them on the server. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to update are advised to configure their web server so it does not execute PHP files and other scripts in the Contao file upload directory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:56:00.791Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/contao/contao/security/advisories/GHSA-vm6r-j788-hjh5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/contao/contao/security/advisories/GHSA-vm6r-j788-hjh5"
},
{
"name": "https://contao.org/en/security-advisories/remote-command-execution-through-file-uploads",
"tags": [
"x_refsource_MISC"
],
"url": "https://contao.org/en/security-advisories/remote-command-execution-through-file-uploads"
}
],
"source": {
"advisory": "GHSA-vm6r-j788-hjh5",
"discovery": "UNKNOWN"
},
"title": "Remote command execution through file upload in contao/core-bundle"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45398",
"datePublished": "2024-09-17T19:56:00.791Z",
"dateReserved": "2024-08-28T20:21:32.802Z",
"dateUpdated": "2024-09-18T13:17:36.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-65961 (GCVE-0-2025-65961)
Vulnerability from nvd – Published: 2025-11-25 19:06 – Updated: 2025-11-25 19:29
VLAI?
Title
Contao is vulnerable to cross-site scripting in templates
Summary
Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, it is possible to inject code into the template output that will be executed in the browser in the front end and back end. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A workaround for this issue involves not using the affected templates or patch them manually.
Severity ?
CWE
- CWE-87 - Improper Neutralization of Alternate XSS Syntax
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65961",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-25T19:28:53.256704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T19:29:04.630Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "contao",
"vendor": "contao",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.13.57"
},
{
"status": "affected",
"version": "\u003e= 5.0.0-RC1, \u003c 5.3.42"
},
{
"status": "affected",
"version": "\u003e= 5.4.0-RC1, \u003c 5.6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, it is possible to inject code into the template output that will be executed in the browser in the front end and back end. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A workaround for this issue involves not using the affected templates or patch them manually."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-87",
"description": "CWE-87: Improper Neutralization of Alternate XSS Syntax",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T19:06:37.395Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/contao/contao/security/advisories/GHSA-68q5-78xp-cwwc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/contao/contao/security/advisories/GHSA-68q5-78xp-cwwc"
},
{
"name": "https://contao.org/en/security-advisories/cross-site-scripting-in-templates",
"tags": [
"x_refsource_MISC"
],
"url": "https://contao.org/en/security-advisories/cross-site-scripting-in-templates"
}
],
"source": {
"advisory": "GHSA-68q5-78xp-cwwc",
"discovery": "UNKNOWN"
},
"title": "Contao is vulnerable to cross-site scripting in templates"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-65961",
"datePublished": "2025-11-25T19:06:37.395Z",
"dateReserved": "2025-11-18T16:14:56.694Z",
"dateUpdated": "2025-11-25T19:29:04.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-65960 (GCVE-0-2025-65960)
Vulnerability from nvd – Published: 2025-11-25 18:54 – Updated: 2025-11-25 20:00
VLAI?
Title
Contao is vulnerable to remote code execution in template closures
Summary
Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, back end users with precise control over the contents of template closures can execute arbitrary PHP functions that do not have required parameters. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A workaround for this issue involves manually patching the Contao\Template::once() method.
Severity ?
6.6 (Medium)
CWE
- CWE-351 - Insufficient Type Distinction
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-65960",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-25T19:59:53.302405Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T20:00:14.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "contao",
"vendor": "contao",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.13.57"
},
{
"status": "affected",
"version": "\u003e= 5.0.0-RC1, \u003c 5.3.42"
},
{
"status": "affected",
"version": "\u003e= 5.4.0-RC1, \u003c 5.6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, back end users with precise control over the contents of template closures can execute arbitrary PHP functions that do not have required parameters. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A workaround for this issue involves manually patching the Contao\\Template::once() method."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-351",
"description": "CWE-351: Insufficient Type Distinction",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T18:54:48.897Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/contao/contao/security/advisories/GHSA-98vj-mm79-v77r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/contao/contao/security/advisories/GHSA-98vj-mm79-v77r"
},
{
"name": "https://contao.org/en/security-advisories/remote-code-execution-in-template-closures",
"tags": [
"x_refsource_MISC"
],
"url": "https://contao.org/en/security-advisories/remote-code-execution-in-template-closures"
}
],
"source": {
"advisory": "GHSA-98vj-mm79-v77r",
"discovery": "UNKNOWN"
},
"title": "Contao is vulnerable to remote code execution in template closures"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-65960",
"datePublished": "2025-11-25T18:54:48.897Z",
"dateReserved": "2025-11-18T16:14:56.694Z",
"dateUpdated": "2025-11-25T20:00:14.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-57759 (GCVE-0-2025-57759)
Vulnerability from nvd – Published: 2025-08-28 16:32 – Updated: 2025-08-28 17:16
VLAI?
Title
Contao has improper privilege management for page and article fields
Summary
Contao is an Open Source CMS. In versions starting from 5.3.0 and prior to 5.3.38 and 5.6.1, under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. This issue has been patched in versions 5.3.38 and 5.6.1. There are no workarounds.
Severity ?
4.3 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-57759",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T17:16:51.325478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T17:16:55.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "contao",
"vendor": "contao",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.3.0, \u003c 5.3.38"
},
{
"status": "affected",
"version": "\u003e= 5.4.0-RC1, \u003c 5.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Contao is an Open Source CMS. In versions starting from 5.3.0 and prior to 5.3.38 and 5.6.1, under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions. This issue has been patched in versions 5.3.38 and 5.6.1. There are no workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T16:32:59.022Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/contao/contao/security/advisories/GHSA-qqfq-7cpp-hcqj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/contao/contao/security/advisories/GHSA-qqfq-7cpp-hcqj"
},
{
"name": "https://github.com/contao/contao/commit/80ee7db12d55ad979d9b1b180f273d4e2668851f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/contao/contao/commit/80ee7db12d55ad979d9b1b180f273d4e2668851f"
},
{
"name": "https://contao.org/en/security-advisories/improper-privilege-management-for-page-and-article-fields",
"tags": [
"x_refsource_MISC"
],
"url": "https://contao.org/en/security-advisories/improper-privilege-management-for-page-and-article-fields"
}
],
"source": {
"advisory": "GHSA-qqfq-7cpp-hcqj",
"discovery": "UNKNOWN"
},
"title": "Contao has improper privilege management for page and article fields"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-57759",
"datePublished": "2025-08-28T16:32:59.022Z",
"dateReserved": "2025-08-19T15:16:22.916Z",
"dateUpdated": "2025-08-28T17:16:55.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-57758 (GCVE-0-2025-57758)
Vulnerability from nvd – Published: 2025-08-28 16:32 – Updated: 2025-08-28 17:20
VLAI?
Title
Contao has improper access control in the back end voters
Summary
Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, the table access voter in the back end doesn't check if a user is allowed to access the corresponding module. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not relying solely on the voter and additionally to check USER_CAN_ACCESS_MODULE.
Severity ?
4.3 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-57758",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T17:19:56.119408Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T17:20:01.087Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "contao",
"vendor": "contao",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.3.38"
},
{
"status": "affected",
"version": "\u003e= 5.4.0-RC1, \u003c 5.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, the table access voter in the back end doesn\u0027t check if a user is allowed to access the corresponding module. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not relying solely on the voter and additionally to check USER_CAN_ACCESS_MODULE."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T16:32:38.664Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/contao/contao/security/advisories/GHSA-7m47-r75r-cx8v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/contao/contao/security/advisories/GHSA-7m47-r75r-cx8v"
},
{
"name": "https://github.com/contao/contao/commit/3f05c603e1c94d34819f837f060df5d66447d0d7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/contao/contao/commit/3f05c603e1c94d34819f837f060df5d66447d0d7"
},
{
"name": "https://contao.org/en/security-advisories/improper-access-control-in-the-back-end-voters",
"tags": [
"x_refsource_MISC"
],
"url": "https://contao.org/en/security-advisories/improper-access-control-in-the-back-end-voters"
}
],
"source": {
"advisory": "GHSA-7m47-r75r-cx8v",
"discovery": "UNKNOWN"
},
"title": "Contao has improper access control in the back end voters"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-57758",
"datePublished": "2025-08-28T16:32:38.664Z",
"dateReserved": "2025-08-19T15:16:22.916Z",
"dateUpdated": "2025-08-28T17:20:01.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-57757 (GCVE-0-2025-57757)
Vulnerability from nvd – Published: 2025-08-28 16:32 – Updated: 2025-08-28 17:48
VLAI?
Title
Contao discloses information in the news module
Summary
Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not adding protected news archives to the news feed page.
Severity ?
5.3 (Medium)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-57757",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T17:45:40.665521Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T17:48:36.124Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "contao",
"vendor": "contao",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.0.0-RC1, \u003c 5.3.38"
},
{
"status": "affected",
"version": "\u003e= 5.4.0-RC1, \u003c 5.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not adding protected news archives to the news feed page."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-212",
"description": "CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T16:32:03.487Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/contao/contao/security/advisories/GHSA-w53m-gxvg-vx7p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/contao/contao/security/advisories/GHSA-w53m-gxvg-vx7p"
},
{
"name": "https://github.com/contao/contao/commit/e75f46b11974fbf7a4652e65c19ad6ca84c59271",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/contao/contao/commit/e75f46b11974fbf7a4652e65c19ad6ca84c59271"
},
{
"name": "https://contao.org/en/security-advisories/information-disclosure-in-the-news-module",
"tags": [
"x_refsource_MISC"
],
"url": "https://contao.org/en/security-advisories/information-disclosure-in-the-news-module"
}
],
"source": {
"advisory": "GHSA-w53m-gxvg-vx7p",
"discovery": "UNKNOWN"
},
"title": "Contao discloses information in the news module"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-57757",
"datePublished": "2025-08-28T16:32:03.487Z",
"dateReserved": "2025-08-19T15:16:22.916Z",
"dateUpdated": "2025-08-28T17:48:36.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-57756 (GCVE-0-2025-57756)
Vulnerability from nvd – Published: 2025-08-28 16:31 – Updated: 2025-08-28 17:49
VLAI?
Title
Contao discloses sensitive information in the front end search index
Summary
Contao is an Open Source CMS. In versions starting from 4.9.14 and prior to 4.13.56, 5.3.38, and 5.6.1, protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. This issue has been patched in versions 4.13.56, 5.3.38, and 5.6.1. A workaround involves disabling the front end search.
Severity ?
5.3 (Medium)
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-57756",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T17:49:20.516549Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T17:49:26.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "contao",
"vendor": "contao",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.9.14, \u003c 4.13.56"
},
{
"status": "affected",
"version": "\u003e= 5.0.0-RC1, \u003c 5.3.38"
},
{
"status": "affected",
"version": "\u003e= 5.4.0-RC1, \u003c 5.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Contao is an Open Source CMS. In versions starting from 4.9.14 and prior to 4.13.56, 5.3.38, and 5.6.1, protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. This issue has been patched in versions 4.13.56, 5.3.38, and 5.6.1. A workaround involves disabling the front end search."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-612",
"description": "CWE-612: Improper Authorization of Index Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T16:31:40.295Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/contao/contao/security/advisories/GHSA-2xmj-8wmq-7475",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/contao/contao/security/advisories/GHSA-2xmj-8wmq-7475"
},
{
"name": "https://github.com/contao/contao/commit/a03976c459b6f3985a28f6488b82a76ffb6c0514",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/contao/contao/commit/a03976c459b6f3985a28f6488b82a76ffb6c0514"
},
{
"name": "https://contao.org/en/security-advisories/information-disclosure-in-the-front-end-search-index",
"tags": [
"x_refsource_MISC"
],
"url": "https://contao.org/en/security-advisories/information-disclosure-in-the-front-end-search-index"
}
],
"source": {
"advisory": "GHSA-2xmj-8wmq-7475",
"discovery": "UNKNOWN"
},
"title": "Contao discloses sensitive information in the front end search index"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-57756",
"datePublished": "2025-08-28T16:31:40.295Z",
"dateReserved": "2025-08-19T15:16:22.916Z",
"dateUpdated": "2025-08-28T17:49:26.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-29790 (GCVE-0-2025-29790)
Vulnerability from nvd – Published: 2025-03-18 18:36 – Updated: 2025-03-18 18:48
VLAI?
Title
Contao allows cross-site scripting through SVG uploads
Summary
Contao is an Open Source CMS. Users can upload SVG files with malicious code, which is then executed in the back end and/or front end. This vulnerability is fixed in Contao 4.13.54, 5.3.30, or 5.5.6.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-29790",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T18:48:29.028406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T18:48:39.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "contao",
"vendor": "contao",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.13.54"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.3.30"
},
{
"status": "affected",
"version": "\u003e= 5.4.0, \u003c 5.5.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Contao is an Open Source CMS. Users can upload SVG files with malicious code, which is then executed in the back end and/or front end. This vulnerability is fixed in Contao 4.13.54, 5.3.30, or 5.5.6."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T18:36:34.279Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/contao/contao/security/advisories/GHSA-vqqr-fgmh-f626",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/contao/contao/security/advisories/GHSA-vqqr-fgmh-f626"
},
{
"name": "https://contao.org/en/security-advisories/cross-site-scripting-through-svg-uploads",
"tags": [
"x_refsource_MISC"
],
"url": "https://contao.org/en/security-advisories/cross-site-scripting-through-svg-uploads"
}
],
"source": {
"advisory": "GHSA-vqqr-fgmh-f626",
"discovery": "UNKNOWN"
},
"title": "Contao allows cross-site scripting through SVG uploads"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-29790",
"datePublished": "2025-03-18T18:36:34.279Z",
"dateReserved": "2025-03-11T14:23:00.476Z",
"dateUpdated": "2025-03-18T18:48:39.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45965 (GCVE-0-2024-45965)
Vulnerability from nvd – Published: 2024-10-02 00:00 – Updated: 2025-08-27 21:27
VLAI?
Summary
Contao before 5.5.6 allows XSS via an SVG document. This affects (in contao/core-bundle in Composer) 4.x before 4.13.54, 5.0.x through 5.3.x before 5.3.30, and 5.4.x and 5.5..x before 5.5.6.
Severity ?
6.4 (Medium)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:contao:contao:5.4.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "contao",
"vendor": "contao",
"versions": [
{
"status": "affected",
"version": "5.4.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45965",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T20:29:10.374330Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T21:27:09.128Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Contao",
"vendor": "Contao",
"versions": [
{
"lessThan": "4.13.54",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThan": "5.3.30",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
},
{
"lessThan": "5.5.6",
"status": "affected",
"version": "5.4.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.13.54",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.3.30",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.5.6",
"versionStartIncluding": "5.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Contao before 5.5.6 allows XSS via an SVG document. This affects (in contao/core-bundle in Composer) 4.x before 4.13.54, 5.0.x through 5.3.x before 5.3.30, and 5.4.x and 5.5..x before 5.5.6."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T19:04:03.032Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://grimthereaperteam.medium.com/contao-5-4-1-malicious-file-upload-xss-in-svg-30edb8820ecb"
},
{
"url": "https://contao.org/en/security-advisories/cross-site-scripting-through-svg-uploads"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-45965",
"datePublished": "2024-10-02T00:00:00.000Z",
"dateReserved": "2024-09-11T00:00:00.000Z",
"dateUpdated": "2025-08-27T21:27:09.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45604 (GCVE-0-2024-45604)
Vulnerability from nvd – Published: 2024-09-17 19:56 – Updated: 2024-09-18 13:09
VLAI?
Title
Directory traversal in the file selector widget in contao/core-bundle
Summary
Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13.49. There are no known workarounds for this vulnerability.
Severity ?
4.3 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45604",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T13:09:34.002818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T13:09:48.444Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "contao",
"vendor": "contao",
"versions": [
{
"status": "affected",
"version": "\u003c 4.13.49"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13.49. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:56:02.588Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/contao/contao/security/advisories/GHSA-4p75-5p53-65m9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/contao/contao/security/advisories/GHSA-4p75-5p53-65m9"
},
{
"name": "https://contao.org/en/security-advisories/directory-traversal-in-the-fileselector-widget",
"tags": [
"x_refsource_MISC"
],
"url": "https://contao.org/en/security-advisories/directory-traversal-in-the-fileselector-widget"
}
],
"source": {
"advisory": "GHSA-4p75-5p53-65m9",
"discovery": "UNKNOWN"
},
"title": "Directory traversal in the file selector widget in contao/core-bundle"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45604",
"datePublished": "2024-09-17T19:56:02.588Z",
"dateReserved": "2024-09-02T16:00:02.424Z",
"dateUpdated": "2024-09-18T13:09:48.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45398 (GCVE-0-2024-45398)
Vulnerability from nvd – Published: 2024-09-17 19:56 – Updated: 2024-09-18 13:17
VLAI?
Title
Remote command execution through file upload in contao/core-bundle
Summary
Contao is an Open Source CMS. In affected versions a back end user with access to the file manager can upload malicious files and execute them on the server. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to update are advised to configure their web server so it does not execute PHP files and other scripts in the Contao file upload directory.
Severity ?
8.3 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:contao:contao:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "contao",
"vendor": "contao",
"versions": [
{
"lessThanOrEqual": "4.13.49",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.3.15",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.3",
"status": "affected",
"version": "5.4.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45398",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T13:14:03.501932Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T13:17:36.013Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "contao",
"vendor": "contao",
"versions": [
{
"status": "affected",
"version": "\u003e=4.0.0, \u003c 4.13.49"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.3.15"
},
{
"status": "affected",
"version": "\u003e= 5.4.0, \u003c 5.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Contao is an Open Source CMS. In affected versions a back end user with access to the file manager can upload malicious files and execute them on the server. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to update are advised to configure their web server so it does not execute PHP files and other scripts in the Contao file upload directory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T19:56:00.791Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/contao/contao/security/advisories/GHSA-vm6r-j788-hjh5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/contao/contao/security/advisories/GHSA-vm6r-j788-hjh5"
},
{
"name": "https://contao.org/en/security-advisories/remote-command-execution-through-file-uploads",
"tags": [
"x_refsource_MISC"
],
"url": "https://contao.org/en/security-advisories/remote-command-execution-through-file-uploads"
}
],
"source": {
"advisory": "GHSA-vm6r-j788-hjh5",
"discovery": "UNKNOWN"
},
"title": "Remote command execution through file upload in contao/core-bundle"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45398",
"datePublished": "2024-09-17T19:56:00.791Z",
"dateReserved": "2024-08-28T20:21:32.802Z",
"dateUpdated": "2024-09-18T13:17:36.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}