Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/contao/core@3.3.2

Type composer

Namespace contao

Name core

Version 3.3.2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-2tyq-my7z-u7gt

vulnerability_id VCID-2tyq-my7z-u7gt

summary Cross-site Scripting in Contao

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-10125

reference_id

reference_type

scores

value	0.00328
scoring_system	epss
scoring_elements	0.56172
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-10125

reference_url

https://contao.org/en/news/contao-3_5_35.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://contao.org/en/news/contao-3_5_35.html

reference_url

https://contao.org/en/news/contao-4_4_18.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://contao.org/en/news/contao-4_4_18.html

reference_url

https://contao.org/en/security-advisories/cross-site-scripting-in-the-system-log.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://contao.org/en/security-advisories/cross-site-scripting-in-the-system-log.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-10125

reference_id

CVE-2018-10125

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-10125

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2018-10125.yaml

reference_id

CVE-2018-10125.YAML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2018-10125.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2018-10125.yaml

reference_id

CVE-2018-10125.YAML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2018-10125.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2018-10125.yaml

reference_id

CVE-2018-10125.YAML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2018-10125.yaml

reference_url

https://github.com/advisories/GHSA-pj4j-287j-f742

reference_id

GHSA-pj4j-287j-f742

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pj4j-287j-f742

fixed_packages

url pkg:composer/contao/core@3.5.35

purl pkg:composer/contao/core@3.5.35

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n85r-h4ck-8yb4

vulnerability	VCID-y4v8-uegv-t3fm

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.5.35

aliases CVE-2018-10125, GHSA-pj4j-287j-f742

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2tyq-my7z-u7gt

url VCID-3dd2-swwc-2kgn

vulnerability_id VCID-3dd2-swwc-2kgn

summary Contao 3.x before 3.5.32 allows XSS via the unsubscribe module in the frontend newsletter extension.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-5478

reference_id

reference_type

scores

value	0.00076
scoring_system	epss
scoring_elements	0.2292
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-5478

reference_url

https://contao.org/en/news/contao-3_5_32.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://contao.org/en/news/contao-3_5_32.html

reference_url

https://github.com/contao/core

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/contao/core

reference_url

https://github.com/contao/core/commit/3123d6527ae6c46087b0ad8061eb8651cb645b8d

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/contao/core/commit/3123d6527ae6c46087b0ad8061eb8651cb645b8d

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-5478

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-5478

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2018-5478.yaml

reference_id

CVE-2018-5478.yaml

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T18:43:11Z/

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2018-5478.yaml

reference_url

https://security.snyk.io/vuln/SNYK-PHP-CONTAOCORE-70397

reference_id

SNYK-PHP-CONTAOCORE-70397

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T18:43:11Z/

url

https://security.snyk.io/vuln/SNYK-PHP-CONTAOCORE-70397

fixed_packages

url pkg:composer/contao/core@3.5.32

purl pkg:composer/contao/core@3.5.32

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2tyq-my7z-u7gt

vulnerability	VCID-n85r-h4ck-8yb4

vulnerability	VCID-y4v8-uegv-t3fm

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.5.32

aliases CVE-2018-5478, GHSA-mpg7-2rx9-h5qp

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3dd2-swwc-2kgn

url VCID-g68d-qdm4-uya6

vulnerability_id VCID-g68d-qdm4-uya6

summary Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn."

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-4567

reference_id

reference_type

scores

value	0.03167
scoring_system	epss
scoring_elements	0.87218
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-4567

reference_url

https://codex.wordpress.org/Version_4.5.2

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://codex.wordpress.org/Version_4.5.2

reference_url

https://contao.org/en/news/contao-3_5_15.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://contao.org/en/news/contao-3_5_15.html

reference_url

https://core.trac.wordpress.org/changeset/37371

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://core.trac.wordpress.org/changeset/37371

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4567
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4567

reference_url

https://gist.github.com/cure53/df34ea68c26441f3ae98f821ba1feb9c

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gist.github.com/cure53/df34ea68c26441f3ae98f821ba1feb9c

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao-components/mediaelement/CVE-2016-4567.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao-components/mediaelement/CVE-2016-4567.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2016-4567.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2016-4567.yaml

reference_url

https://github.com/johndyer/mediaelement/blob/master/changelog.md

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/johndyer/mediaelement/blob/master/changelog.md

reference_url

https://github.com/johndyer/mediaelement/commit/34834eef8ac830b9145df169ec22016a4350f06e

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/johndyer/mediaelement/commit/34834eef8ac830b9145df169ec22016a4350f06e

reference_url

https://github.com/mediaelement/mediaelement/blob/b992ccf5f0c04a207d98bbb0868420751a61ec90/changelog.md?plain=1#L1024

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/mediaelement/mediaelement/blob/b992ccf5f0c04a207d98bbb0868420751a61ec90/changelog.md?plain=1#L1024

reference_url

https://github.com/mediaelement/mediaelement/blob/master/changelog.md

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/mediaelement/mediaelement/blob/master/changelog.md

reference_url

https://github.com/mediaelement/mediaelement/commit/34834eef8ac830b9145df169ec22016a4350f06e

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/mediaelement/mediaelement/commit/34834eef8ac830b9145df169ec22016a4350f06e

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-4567

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-4567

reference_url

https://web.archive.org/web/20170205142412/http://www.securitytracker.com/id/1035818

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170205142412/http://www.securitytracker.com/id/1035818

reference_url

https://wordpress.org/news/2016/05/wordpress-4-5-2

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://wordpress.org/news/2016/05/wordpress-4-5-2

reference_url

https://wpvulndb.com/vulnerabilities/8488

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://wpvulndb.com/vulnerabilities/8488

reference_url

http://www.openwall.com/lists/oss-security/2016/05/07/2

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/05/07/2

reference_url

http://www.securitytracker.com/id/1035818

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1035818

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823649
reference_id	823649
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823649

reference_url	https://github.com/advisories/GHSA-277w-qpxr-2549
reference_id	GHSA-277w-qpxr-2549
reference_type
scores
url	https://github.com/advisories/GHSA-277w-qpxr-2549

fixed_packages

url pkg:composer/contao/core@3.5.15

purl pkg:composer/contao/core@3.5.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2tyq-my7z-u7gt

vulnerability	VCID-3dd2-swwc-2kgn

vulnerability	VCID-n6hu-u6yq-tye6

vulnerability	VCID-n85r-h4ck-8yb4

vulnerability	VCID-y4v8-uegv-t3fm

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.5.15

aliases CVE-2016-4567, GHSA-277w-qpxr-2549

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g68d-qdm4-uya6

url VCID-n6hu-u6yq-tye6

vulnerability_id VCID-n6hu-u6yq-tye6

summary Contao Core directory traversal vulnerability

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-10993

reference_id

reference_type

scores

value	0.00825
scoring_system	epss
scoring_elements	0.74909
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-10993

reference_url

https://contao.org/en/news/contao-3_5_28.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://contao.org/en/news/contao-3_5_28.html

reference_url

https://contao.org/en/news/contao-4_4_1.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://contao.org/en/news/contao-4_4_1.html

reference_url	https://github.com/contao/core-bundle/commit/2a85914f4ba858780ffbac38a468acb7028772c7
reference_id
reference_type
scores
url	https://github.com/contao/core-bundle/commit/2a85914f4ba858780ffbac38a468acb7028772c7

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-10993

reference_id

CVE-2017-10993

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-10993

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2017-10993.yaml

reference_id

CVE-2017-10993.YAML

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2017-10993.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2017-10993.yaml

reference_id

CVE-2017-10993.YAML

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2017-10993.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2017-10993.yaml

reference_id

CVE-2017-10993.YAML

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2017-10993.yaml

reference_url

https://github.com/advisories/GHSA-x5g4-crxq-qxjx

reference_id

GHSA-x5g4-crxq-qxjx

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x5g4-crxq-qxjx

fixed_packages

url pkg:composer/contao/core@3.5.28

purl pkg:composer/contao/core@3.5.28

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2tyq-my7z-u7gt

vulnerability	VCID-3dd2-swwc-2kgn

vulnerability	VCID-n85r-h4ck-8yb4

vulnerability	VCID-y4v8-uegv-t3fm

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.5.28

aliases CVE-2017-10993, GHSA-x5g4-crxq-qxjx

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n6hu-u6yq-tye6

url VCID-n85r-h4ck-8yb4

vulnerability_id VCID-n85r-h4ck-8yb4

summary

references

reference_url	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16558
reference_id
reference_type
scores
url	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16558

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-16558

reference_id

reference_type

scores

value	0.00288
scoring_system	epss
scoring_elements	0.52587
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-16558

reference_url

https://contao.org/de/changelog/versions/4.4.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://contao.org/de/changelog/versions/4.4.html

reference_url

https://contao.org/en/news/contao-4_4_8.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://contao.org/en/news/contao-4_4_8.html

reference_url

https://github.com/contao/contao/blob/4.4.57/CHANGELOG.md#448-2017-11-15

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/contao/contao/blob/4.4.57/CHANGELOG.md#448-2017-11-15

reference_url

https://github.com/contao/contao/commit/501cb3cd34d61089b94e7ed78da53977bc71fc3e

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/contao/contao/commit/501cb3cd34d61089b94e7ed78da53977bc71fc3e

reference_url

https://github.com/contao/contao/commit/6b4a2711edf166c85cfd7a53fed6aea56d4f0544

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/contao/contao/commit/6b4a2711edf166c85cfd7a53fed6aea56d4f0544

reference_url	https://github.com/contao/core-bundle/commit/92598f97b513e0b831dbfd68d471c44c79c425a4
reference_id
reference_type
scores
url	https://github.com/contao/core-bundle/commit/92598f97b513e0b831dbfd68d471c44c79c425a4

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2017-16558.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2017-16558.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2017-16558.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2017-16558.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/listing-bundle/CVE-2017-16558.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/listing-bundle/CVE-2017-16558.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-16558

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-16558

fixed_packages

aliases CVE-2017-16558, GHSA-w38g-hj45-mjjp

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n85r-h4ck-8yb4

url VCID-y4v8-uegv-t3fm

vulnerability_id VCID-y4v8-uegv-t3fm

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10641

reference_id

reference_type

scores

value	0.00266
scoring_system	epss
scoring_elements	0.50397
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10641

reference_url

https://contao.org/en/news/security-vulnerability-cve-2019-10641.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://contao.org/en/news/security-vulnerability-cve-2019-10641.html

reference_url

https://github.com/contao/contao/commit/74c7dfafa0dfa5363a9463b486522d5d526e28fe

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/contao/contao/commit/74c7dfafa0dfa5363a9463b486522d5d526e28fe

reference_url

https://github.com/contao/contao/commit/b92e27bc7c9e59226077937f840c74ffd0f672e8

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/contao/contao/commit/b92e27bc7c9e59226077937f840c74ffd0f672e8

reference_url

https://github.com/contao/core/commit/119a1b5bd9e62d27ca2838727084d04f3b7fcd32

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/contao/core/commit/119a1b5bd9e62d27ca2838727084d04f3b7fcd32

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2019-10641.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2019-10641.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2019-10641.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2019-10641.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2019-10641.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2019-10641.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10641

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10641

reference_url	https://github.com/advisories/GHSA-vcgg-hp4r-87gx
reference_id	GHSA-vcgg-hp4r-87gx
reference_type
scores
url	https://github.com/advisories/GHSA-vcgg-hp4r-87gx

fixed_packages

url pkg:composer/contao/core@3.5.39

purl pkg:composer/contao/core@3.5.39

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-n85r-h4ck-8yb4

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.5.39

aliases CVE-2019-10641, GHSA-vcgg-hp4r-87gx

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y4v8-uegv-t3fm

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core@3.3.2

Package Instance