Search for packages
| purl | pkg:composer/contao/core-bundle@5.6.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-37bz-3y5f-k3ca
Aliases: CVE-2025-65961 GHSA-68q5-78xp-cwwc |
Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, it is possible to inject code into the template output that will be executed in the browser in the front end and back end. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A workaround for this issue involves not using the affected templates or patch them manually. |
Affected by 0 other vulnerabilities. |
|
VCID-tchf-hfgv-e3ca
Aliases: CVE-2025-65960 GHSA-98vj-mm79-v77r |
Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, back end users with precise control over the contents of template closures can execute arbitrary PHP functions that do not have required parameters. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A workaround for this issue involves manually patching the Contao\Template::once() method. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-12T20:35:47.143375+00:00 | GitLab Importer | Affected by | VCID-37bz-3y5f-k3ca | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/contao/core-bundle/CVE-2025-65961.yml | 38.6.0 |
| 2026-06-12T20:34:38.977646+00:00 | GitLab Importer | Affected by | VCID-tchf-hfgv-e3ca | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/contao/core-bundle/CVE-2025-65960.yml | 38.6.0 |