Vulnerabilities in contao

22 results
CVE-2022-24899 [HIGH] Cross site scripting via canonical tag (EPSS 3.7%)
CVE-2021-37626 [HIGH] PHP file inclusion via insert tags (EPSS 1.3%)
CVE-2021-37627 [HIGH] Privilege escalation via form generator (EPSS 1.0%)
CVE-2012-4383 contao prior to 2.11.4 has a sql injection vulnerability (EPSS 0.9%)
CVE-2023-29200 [MEDIUM] contao/core-bundle has path traversal vulnerability in the file manager (EPSS 0.8%)
CVE-2024-28235 [HIGH] Contao possible cookie sharing with external domains while checking protected pages for broken links (EPSS 0.7%)
CVE-2024-28234 [MEDIUM] Contao has insufficient BBCode sanitizer (EPSS 0.6%)
CVE-2023-36806 [MEDIUM] Contao cross site scripting vulnerability via input unit widget (EPSS 0.5%)
CVE-2024-45398 [HIGH] Remote command execution through file upload in contao/core-bundle (EPSS 0.5%)
CVE-2024-28190 [MEDIUM] Contao core bundle vulnerable to cross site scripting in the file manager (EPSS 0.5%)
CVE-2024-28191 [LOW] Contao may have unencoded insert tags in the frontend (EPSS 0.5%)
CVE-2024-30262 [MEDIUM] Contao's remember-me tokens will not be cleared after a password change (EPSS 0.5%)
CVE-2024-45604 [MEDIUM] Directory traversal in the file selector widget in contao/core-bundle (EPSS 0.4%)
CVE-2024-45965 [MEDIUM] Contao before 5.5.6 allows XSS via an SVG document. This affects (in contao/core-bundle in Composer) 4.x before 4.13.54, 5.0.x through 5.3.x (EPSS 0.3%)
CVE-2024-45612 [MEDIUM] Insert tag injection via canonical URL in Contao (EPSS 0.3%)
CVE-2025-57757 [MEDIUM] Contao discloses information in the news module (EPSS 0.3%)
CVE-2025-57756 [MEDIUM] Contao discloses sensitive information in the front end search index (EPSS 0.3%)
CVE-2025-57758 [MEDIUM] Contao has improper access control in the back end voters (EPSS 0.2%)
CVE-2025-57759 [MEDIUM] Contao has improper privilege management for page and article fields (EPSS 0.2%)
CVE-2025-29790 [MEDIUM] Contao allows cross-site scripting through SVG uploads (EPSS 0.2%)