Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/contao/core-bundle@4.11.7
purl pkg:composer/contao/core-bundle@4.11.7
Next non-vulnerable version 4.11.8
Latest non-vulnerable version 5.6.5
Risk 4.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-rj3d-jeyz-vye5
Aliases:
CVE-2021-37627
GHSA-hq5m-mqmx-fw6m
Improper Privilege Management Contao is an open source CMS that allows creation of websites and scalable web applications.All users are advised to update to Contao As a workaround users may disable the form generator or disable the login for untrusted back end users.
4.11.8
Affected by 0 other vulnerabilities.
VCID-t2u3-tgg3-cbb9
Aliases:
CVE-2021-37626
GHSA-r6mv-ppjc-4hgr
Code Injection Contao is an open source CMS that allows you to create websites and scalable web applications.Update to Contao to resolve. If you cannot update then disable the login for untrusted back end users.
4.11.8
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (3)
Vulnerability Summary Aliases
VCID-82d1-8yn8-sydv Cross site scripting via HTML attributes in the back end It is possible for untrusted users to inject malicious code into HTML attributes in the back end, which will be executed both in the element preview (back end) and on the website (front end). Installations are only affected if there are untrusted back end users who have the rights to modify HTML fields (e.g. TinyMCE). CVE-2021-35955
GHSA-hr3h-x6gq-rqcp
VCID-rj3d-jeyz-vye5 Improper Privilege Management Contao is an open source CMS that allows creation of websites and scalable web applications.All users are advised to update to Contao As a workaround users may disable the form generator or disable the login for untrusted back end users. CVE-2021-37627
GHSA-hq5m-mqmx-fw6m
VCID-t2u3-tgg3-cbb9 Code Injection Contao is an open source CMS that allows you to create websites and scalable web applications.Update to Contao to resolve. If you cannot update then disable the login for untrusted back end users. CVE-2021-37626
GHSA-r6mv-ppjc-4hgr

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-04T17:30:09.953091+00:00 GithubOSV Importer Fixing VCID-rj3d-jeyz-vye5 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-hq5m-mqmx-fw6m/GHSA-hq5m-mqmx-fw6m.json 38.6.0
2026-06-04T17:29:51.592783+00:00 GithubOSV Importer Fixing VCID-82d1-8yn8-sydv https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-hr3h-x6gq-rqcp/GHSA-hr3h-x6gq-rqcp.json 38.6.0
2026-06-04T17:28:51.395555+00:00 GithubOSV Importer Fixing VCID-t2u3-tgg3-cbb9 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-r6mv-ppjc-4hgr/GHSA-r6mv-ppjc-4hgr.json 38.6.0
2026-06-02T04:39:45.892406+00:00 GitLab Importer Fixing VCID-82d1-8yn8-sydv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/contao/core-bundle/CVE-2021-35955.yml 38.6.0
2026-06-02T04:39:36.520151+00:00 GitLab Importer Affected by VCID-t2u3-tgg3-cbb9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/contao/core-bundle/CVE-2021-37626.yml 38.6.0
2026-06-02T04:39:36.372801+00:00 GitLab Importer Affected by VCID-rj3d-jeyz-vye5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/contao/core-bundle/CVE-2021-37627.yml 38.6.0