Package details: pkg:composer/contao/core-bundle@4.13.40
purl pkg:composer/contao/core-bundle@4.13.40
Vulnerabilities affecting this package (0)
Vulnerability | Summary | Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (4)
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-gzzh-6ysu-9yey | Contao: Possible cookie sharing with external domains while checking protected pages for broken links. If the crawler is set to crawl protected pages, it sends the cookie header to external URLs. | CVE-2024-28235, GHSA-9jh5-qf84-x6pr |
| VCID-h8k9-qw2h-zyd2 | Contao: Remember-me tokens will not be cleared after a password change. When a front end member changes their password, the corresponding remember-me tokens are not removed. | CVE-2024-30262, GHSA-r4r6-j2j3-7pp5 |
| VCID-jbcs-b2p9-myhz | Contao: Cross site scripting in the file manager. Users can insert malicious code into file names when uploading files, which is then executed in tooltips and popups in the backend. | CVE-2024-28190, GHSA-v24p-7p4j-qvvf |
| VCID-jzx2-et8q-7qhm | Contao: Unencoded insert tags in the frontend. It is possible to inject insert tags via the form generator if the submitted form data is output on the page in a specific way. | CVE-2024-28191, GHSA-747v-52c4-8vj8 |