Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/contao/core-bundle@5.6.4

Type composer

Namespace contao

Name core-bundle

Version 5.6.4

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.6.5

Latest_non_vulnerable_version 5.6.5

Affected_by_vulnerabilities

url VCID-r1h5-ag74-dbaw

vulnerability_id VCID-r1h5-ag74-dbaw

summary

Contao is vulnerable to cross-site scripting in templates
It is possible to inject code into the template output that will be executed in the browser in the front end and back end.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-65961

reference_id

reference_type

scores

value	0.0002
scoring_system	epss
scoring_elements	0.05699
published_at	2026-06-05T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05643
published_at	2026-06-08T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05685
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-65961

reference_url

https://contao.org/en/security-advisories/cross-site-scripting-in-templates

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:53Z/

url

https://contao.org/en/security-advisories/cross-site-scripting-in-templates

reference_url

https://github.com/contao/contao

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/contao/contao

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-65961

reference_id

CVE-2025-65961

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-65961

reference_url

https://github.com/advisories/GHSA-68q5-78xp-cwwc

reference_id

GHSA-68q5-78xp-cwwc

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-68q5-78xp-cwwc

reference_url

https://github.com/contao/contao/security/advisories/GHSA-68q5-78xp-cwwc

reference_id

GHSA-68q5-78xp-cwwc

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:53Z/

url

https://github.com/contao/contao/security/advisories/GHSA-68q5-78xp-cwwc

fixed_packages

url	pkg:composer/contao/core-bundle@5.6.5
purl	pkg:composer/contao/core-bundle@5.6.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.6.5

aliases CVE-2025-65961, GHSA-68q5-78xp-cwwc

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r1h5-ag74-dbaw

url VCID-wyd5-t8at-8bba

vulnerability_id VCID-wyd5-t8at-8bba

summary

Contao is vulnerable to remote code execution in template closures
Backend users with precise control over the contents of template closures can execute arbitrary PHP functions that do not have required parameters.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-65960

reference_id

reference_type

scores

value	0.0002
scoring_system	epss
scoring_elements	0.05728
published_at	2026-06-05T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05672
published_at	2026-06-08T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05715
published_at	2026-06-07T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05714
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-65960

reference_url

https://contao.org/en/security-advisories/remote-code-execution-in-template-closures

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-25T19:59:53Z/

url

https://contao.org/en/security-advisories/remote-code-execution-in-template-closures

reference_url

https://github.com/contao/contao

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/contao/contao

reference_url

https://github.com/contao/contao/commit/577d7fdd5b1ca84f65f034ff556865422f0a3bd1

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/contao/contao/commit/577d7fdd5b1ca84f65f034ff556865422f0a3bd1

reference_url

https://github.com/contao/contao/commit/676f0855d39007ac9a0dbe7ae6a7414cba2312a5

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/contao/contao/commit/676f0855d39007ac9a0dbe7ae6a7414cba2312a5

reference_url

https://github.com/contao/contao/commit/ebf84c90e5679a67060f396b924ce4a3c3f206b3

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/contao/contao/commit/ebf84c90e5679a67060f396b924ce4a3c3f206b3

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-65960

reference_id

CVE-2025-65960

reference_type

scores

value	6.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-65960

reference_url

https://github.com/advisories/GHSA-98vj-mm79-v77r

reference_id

GHSA-98vj-mm79-v77r

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-98vj-mm79-v77r

reference_url

https://github.com/contao/contao/security/advisories/GHSA-98vj-mm79-v77r

reference_id

GHSA-98vj-mm79-v77r

reference_type

scores

value	6.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-25T19:59:53Z/

url

https://github.com/contao/contao/security/advisories/GHSA-98vj-mm79-v77r

fixed_packages

url	pkg:composer/contao/core-bundle@5.6.5
purl	pkg:composer/contao/core-bundle@5.6.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.6.5

aliases CVE-2025-65960, GHSA-98vj-mm79-v77r

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wyd5-t8at-8bba

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.6.4

Package Instance