Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/contao/core-bundle@4.4.17
Typecomposer
Namespacecontao
Namecore-bundle
Version4.4.17
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.13.57
Latest_non_vulnerable_version5.6.5
Affected_by_vulnerabilities
0
url VCID-1711-b1vf-7ueh
vulnerability_id VCID-1711-b1vf-7ueh
summary Contao Information Disclosure via Access Control Flaws
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-20028
reference_id
reference_type
scores
0
value 0.0027
scoring_system epss
scoring_elements 0.50764
published_at 2026-06-11T12:55:00Z
1
value 0.0027
scoring_system epss
scoring_elements 0.50914
published_at 2026-06-13T12:55:00Z
2
value 0.0027
scoring_system epss
scoring_elements 0.50898
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-20028
1
reference_url https://contao.org/en/news.html
reference_id
reference_type
scores
url https://contao.org/en/news.html
2
reference_url https://contao.org/en/news/security-vulnerability-cve-2018-20028.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/security-vulnerability-cve-2018-20028.html
3
reference_url https://github.com/contao/contao/commit/bbe5fe1d385cd1195670e2d6b972272133443c59
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/bbe5fe1d385cd1195670e2d6b972272133443c59
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-20028
reference_id CVE-2018-20028
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-20028
5
reference_url https://github.com/advisories/GHSA-q99w-j4mj-7hj8
reference_id GHSA-q99w-j4mj-7hj8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q99w-j4mj-7hj8
fixed_packages
0
url pkg:composer/contao/core-bundle@4.4.31
purl pkg:composer/contao/core-bundle@4.4.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-3ryj-767z-87bq
4
vulnerability VCID-48eq-peme-jyh7
5
vulnerability VCID-6gfx-t3ns-vuby
6
vulnerability VCID-6rht-mw5a-57gn
7
vulnerability VCID-apv4-1x4w-kkcg
8
vulnerability VCID-baa6-3fxe-4udp
9
vulnerability VCID-bzd7-n1ak-mug7
10
vulnerability VCID-cyty-bpmd-xyc3
11
vulnerability VCID-dgnu-4z5a-1bf7
12
vulnerability VCID-j3e7-e9v2-5yh5
13
vulnerability VCID-nk2j-myr2-qfgn
14
vulnerability VCID-p4zh-cenk-rkff
15
vulnerability VCID-tchf-hfgv-e3ca
16
vulnerability VCID-ubr4-jj9v-3kcx
17
vulnerability VCID-vfxq-ytb6-aybb
18
vulnerability VCID-y4v8-uegv-t3fm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.4.31
1
url pkg:composer/contao/core-bundle@4.6.11
purl pkg:composer/contao/core-bundle@4.6.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-3ryj-767z-87bq
4
vulnerability VCID-6gfx-t3ns-vuby
5
vulnerability VCID-6rht-mw5a-57gn
6
vulnerability VCID-apv4-1x4w-kkcg
7
vulnerability VCID-baa6-3fxe-4udp
8
vulnerability VCID-bzd7-n1ak-mug7
9
vulnerability VCID-cyty-bpmd-xyc3
10
vulnerability VCID-dgnu-4z5a-1bf7
11
vulnerability VCID-j3e7-e9v2-5yh5
12
vulnerability VCID-nk2j-myr2-qfgn
13
vulnerability VCID-p4zh-cenk-rkff
14
vulnerability VCID-tchf-hfgv-e3ca
15
vulnerability VCID-tsys-ek4k-z7aw
16
vulnerability VCID-ubr4-jj9v-3kcx
17
vulnerability VCID-vfxq-ytb6-aybb
18
vulnerability VCID-y4v8-uegv-t3fm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.6.11
aliases CVE-2018-20028, GHSA-q99w-j4mj-7hj8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1711-b1vf-7ueh
1
url VCID-2hkz-2zs1-syga
vulnerability_id VCID-2hkz-2zs1-syga
summary Contao is an open source content management system. Prior to version 4.13.40, when a frontend member changes their password in the personal data or the password lost module, the corresponding remember-me tokens are not removed. If someone compromises an account and is able to get a remember-me token, changing the password would not be enough to reclaim control over the account. Version 4.13.40 contains a fix for the issue. As a workaround, disable "Allow auto login" in the login module.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-30262
reference_id
reference_type
scores
0
value 0.00364
scoring_system epss
scoring_elements 0.58847
published_at 2026-06-11T12:55:00Z
1
value 0.00364
scoring_system epss
scoring_elements 0.5897
published_at 2026-06-13T12:55:00Z
2
value 0.00364
scoring_system epss
scoring_elements 0.58958
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-30262
1
reference_url https://contao.org/en/security-advisories/remember-me-tokens-are-not-cleared-after-a-password-change
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://contao.org/en/security-advisories/remember-me-tokens-are-not-cleared-after-a-password-change
2
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
3
reference_url https://github.com/contao/contao/commit/3032baa456f607169ffae82a8920354adb338fe9
reference_id 3032baa456f607169ffae82a8920354adb338fe9
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-10T19:19:06Z/
url https://github.com/contao/contao/commit/3032baa456f607169ffae82a8920354adb338fe9
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-30262
reference_id CVE-2024-30262
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-30262
5
reference_url https://github.com/advisories/GHSA-r4r6-j2j3-7pp5
reference_id GHSA-r4r6-j2j3-7pp5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r4r6-j2j3-7pp5
6
reference_url https://github.com/contao/contao/security/advisories/GHSA-r4r6-j2j3-7pp5
reference_id GHSA-r4r6-j2j3-7pp5
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-10T19:19:06Z/
url https://github.com/contao/contao/security/advisories/GHSA-r4r6-j2j3-7pp5
fixed_packages
0
url pkg:composer/contao/core-bundle@4.13.40
purl pkg:composer/contao/core-bundle@4.13.40
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-9fgc-p6aq-vygh
2
vulnerability VCID-gm48-5kg3-r7c8
3
vulnerability VCID-nk2j-myr2-qfgn
4
vulnerability VCID-tchf-hfgv-e3ca
5
vulnerability VCID-ubr4-jj9v-3kcx
6
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.13.40
1
url pkg:composer/contao/core-bundle@5.0.0-RC1
purl pkg:composer/contao/core-bundle@5.0.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-6gfx-t3ns-vuby
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-j3e7-e9v2-5yh5
4
vulnerability VCID-sng8-95gj-t7bh
5
vulnerability VCID-tchf-hfgv-e3ca
6
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.0.0-RC1
aliases CVE-2024-30262, GHSA-r4r6-j2j3-7pp5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2hkz-2zs1-syga
2
url VCID-2vv2-ej4n-jkap
vulnerability_id VCID-2vv2-ej4n-jkap
summary Contao is an open source content management system. Starting in version 4.0.0 and prior to versions 4.9.42, 4.13.28, and 5.1.10, it is possible for untrusted backend users to inject malicious code into headline fields in the back end, which will be executed both in the element preview (back end) and on the website (front end). Installations are only affected if there are untrusted back end users who have the rights to modify headline fields, or other fields using the input unit widget. Contao 4.9.42, 4.13.28, and 5.1.10 have a patch for this issue. As a workaround, disable the login for all untrusted back end users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-36806
reference_id
reference_type
scores
0
value 0.00384
scoring_system epss
scoring_elements 0.60072
published_at 2026-06-11T12:55:00Z
1
value 0.00384
scoring_system epss
scoring_elements 0.60191
published_at 2026-06-13T12:55:00Z
2
value 0.00384
scoring_system epss
scoring_elements 0.6018
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-36806
1
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
2
reference_url https://herolab.usd.de/security-advisories/usd-2023-0020
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://herolab.usd.de/security-advisories/usd-2023-0020
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-36806
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-36806
4
reference_url https://github.com/contao/contao/commit/5c9aff32cfc1f7dc452a045862ac2f86a6b9b4b4
reference_id 5c9aff32cfc1f7dc452a045862ac2f86a6b9b4b4
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-23T18:55:31Z/
url https://github.com/contao/contao/commit/5c9aff32cfc1f7dc452a045862ac2f86a6b9b4b4
5
reference_url https://github.com/contao/contao/commit/c98585d36baa25fda69c062421e7e7eadc53c82b
reference_id c98585d36baa25fda69c062421e7e7eadc53c82b
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-23T18:55:31Z/
url https://github.com/contao/contao/commit/c98585d36baa25fda69c062421e7e7eadc53c82b
6
reference_url https://github.com/contao/contao/commit/ccb64c777eb0f9c0e6490c9135d80e915d37cd32
reference_id ccb64c777eb0f9c0e6490c9135d80e915d37cd32
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-23T18:55:31Z/
url https://github.com/contao/contao/commit/ccb64c777eb0f9c0e6490c9135d80e915d37cd32
7
reference_url https://github.com/advisories/GHSA-4gpr-p634-922x
reference_id GHSA-4gpr-p634-922x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4gpr-p634-922x
8
reference_url https://github.com/contao/contao/security/advisories/GHSA-4gpr-p634-922x
reference_id GHSA-4gpr-p634-922x
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-23T18:55:31Z/
url https://github.com/contao/contao/security/advisories/GHSA-4gpr-p634-922x
9
reference_url https://herolab.usd.de/security-advisories/usd-2023-0020/
reference_id usd-2023-0020
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-23T18:55:31Z/
url https://herolab.usd.de/security-advisories/usd-2023-0020/
fixed_packages
0
url pkg:composer/contao/core-bundle@4.9.42
purl pkg:composer/contao/core-bundle@4.9.42
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-37bz-3y5f-k3ca
2
vulnerability VCID-6gfx-t3ns-vuby
3
vulnerability VCID-9fgc-p6aq-vygh
4
vulnerability VCID-j3e7-e9v2-5yh5
5
vulnerability VCID-nk2j-myr2-qfgn
6
vulnerability VCID-sng8-95gj-t7bh
7
vulnerability VCID-tchf-hfgv-e3ca
8
vulnerability VCID-ubr4-jj9v-3kcx
9
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.9.42
1
url pkg:composer/contao/core-bundle@4.10.0-RC1
purl pkg:composer/contao/core-bundle@4.10.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-37bz-3y5f-k3ca
2
vulnerability VCID-6gfx-t3ns-vuby
3
vulnerability VCID-6rht-mw5a-57gn
4
vulnerability VCID-9fgc-p6aq-vygh
5
vulnerability VCID-j3e7-e9v2-5yh5
6
vulnerability VCID-nk2j-myr2-qfgn
7
vulnerability VCID-sng8-95gj-t7bh
8
vulnerability VCID-tchf-hfgv-e3ca
9
vulnerability VCID-ubr4-jj9v-3kcx
10
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.10.0-RC1
2
url pkg:composer/contao/core-bundle@4.13.28
purl pkg:composer/contao/core-bundle@4.13.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-37bz-3y5f-k3ca
2
vulnerability VCID-6gfx-t3ns-vuby
3
vulnerability VCID-9fgc-p6aq-vygh
4
vulnerability VCID-gm48-5kg3-r7c8
5
vulnerability VCID-j3e7-e9v2-5yh5
6
vulnerability VCID-nk2j-myr2-qfgn
7
vulnerability VCID-sng8-95gj-t7bh
8
vulnerability VCID-tchf-hfgv-e3ca
9
vulnerability VCID-ubr4-jj9v-3kcx
10
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.13.28
3
url pkg:composer/contao/core-bundle@5.0.0-RC1
purl pkg:composer/contao/core-bundle@5.0.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-6gfx-t3ns-vuby
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-j3e7-e9v2-5yh5
4
vulnerability VCID-sng8-95gj-t7bh
5
vulnerability VCID-tchf-hfgv-e3ca
6
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.0.0-RC1
4
url pkg:composer/contao/core-bundle@5.1.10
purl pkg:composer/contao/core-bundle@5.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-6gfx-t3ns-vuby
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-gm48-5kg3-r7c8
5
vulnerability VCID-j3e7-e9v2-5yh5
6
vulnerability VCID-sng8-95gj-t7bh
7
vulnerability VCID-tchf-hfgv-e3ca
8
vulnerability VCID-vfxq-ytb6-aybb
9
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.1.10
5
url pkg:composer/contao/core-bundle@5.2.0-RC1
purl pkg:composer/contao/core-bundle@5.2.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-6gfx-t3ns-vuby
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-gm48-5kg3-r7c8
5
vulnerability VCID-j3e7-e9v2-5yh5
6
vulnerability VCID-sng8-95gj-t7bh
7
vulnerability VCID-tchf-hfgv-e3ca
8
vulnerability VCID-vfxq-ytb6-aybb
9
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.2.0-RC1
aliases CVE-2023-36806, GHSA-4gpr-p634-922x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2vv2-ej4n-jkap
3
url VCID-37bz-3y5f-k3ca
vulnerability_id VCID-37bz-3y5f-k3ca
summary Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, it is possible to inject code into the template output that will be executed in the browser in the front end and back end. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A workaround for this issue involves not using the affected templates or patch them manually.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-65961
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05758
published_at 2026-06-12T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05749
published_at 2026-06-13T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05734
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-65961
1
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
2
reference_url https://contao.org/en/security-advisories/cross-site-scripting-in-templates
reference_id cross-site-scripting-in-templates
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:53Z/
url https://contao.org/en/security-advisories/cross-site-scripting-in-templates
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-65961
reference_id CVE-2025-65961
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-65961
4
reference_url https://github.com/advisories/GHSA-68q5-78xp-cwwc
reference_id GHSA-68q5-78xp-cwwc
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-68q5-78xp-cwwc
5
reference_url https://github.com/contao/contao/security/advisories/GHSA-68q5-78xp-cwwc
reference_id GHSA-68q5-78xp-cwwc
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:53Z/
url https://github.com/contao/contao/security/advisories/GHSA-68q5-78xp-cwwc
fixed_packages
0
url pkg:composer/contao/core-bundle@4.13.57
purl pkg:composer/contao/core-bundle@4.13.57
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.13.57
1
url pkg:composer/contao/core-bundle@5.3.42
purl pkg:composer/contao/core-bundle@5.3.42
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.3.42
2
url pkg:composer/contao/core-bundle@5.6.5
purl pkg:composer/contao/core-bundle@5.6.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.6.5
aliases CVE-2025-65961, GHSA-68q5-78xp-cwwc
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-37bz-3y5f-k3ca
4
url VCID-3ryj-767z-87bq
vulnerability_id VCID-3ryj-767z-87bq
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-37626
reference_id
reference_type
scores
0
value 0.00492
scoring_system epss
scoring_elements 0.66109
published_at 2026-06-11T12:55:00Z
1
value 0.00492
scoring_system epss
scoring_elements 0.66202
published_at 2026-06-12T12:55:00Z
2
value 0.00492
scoring_system epss
scoring_elements 0.66217
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-37626
1
reference_url https://contao.org/en/security-advisories/php-file-inclusion-via-insert-tags.html
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://contao.org/en/security-advisories/php-file-inclusion-via-insert-tags.html
2
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
3
reference_url https://github.com/contao/contao/security/advisories/GHSA-r6mv-ppjc-4hgr
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/security/advisories/GHSA-r6mv-ppjc-4hgr
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2021-37626.yaml
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2021-37626.yaml
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2021-37626.yaml
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2021-37626.yaml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-37626
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-37626
7
reference_url https://github.com/advisories/GHSA-r6mv-ppjc-4hgr
reference_id GHSA-r6mv-ppjc-4hgr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r6mv-ppjc-4hgr
fixed_packages
0
url pkg:composer/contao/core-bundle@4.4.56
purl pkg:composer/contao/core-bundle@4.4.56
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-3ryj-767z-87bq
4
vulnerability VCID-6gfx-t3ns-vuby
5
vulnerability VCID-6rht-mw5a-57gn
6
vulnerability VCID-baa6-3fxe-4udp
7
vulnerability VCID-bzd7-n1ak-mug7
8
vulnerability VCID-j3e7-e9v2-5yh5
9
vulnerability VCID-nk2j-myr2-qfgn
10
vulnerability VCID-tchf-hfgv-e3ca
11
vulnerability VCID-ubr4-jj9v-3kcx
12
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.4.56
1
url pkg:composer/contao/core-bundle@4.5.0-RC1
purl pkg:composer/contao/core-bundle@4.5.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-6gfx-t3ns-vuby
4
vulnerability VCID-6rht-mw5a-57gn
5
vulnerability VCID-bzd7-n1ak-mug7
6
vulnerability VCID-j3e7-e9v2-5yh5
7
vulnerability VCID-nk2j-myr2-qfgn
8
vulnerability VCID-tchf-hfgv-e3ca
9
vulnerability VCID-ubr4-jj9v-3kcx
10
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.5.0-RC1
2
url pkg:composer/contao/core-bundle@4.9.18
purl pkg:composer/contao/core-bundle@4.9.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-3ryj-767z-87bq
4
vulnerability VCID-6gfx-t3ns-vuby
5
vulnerability VCID-6rht-mw5a-57gn
6
vulnerability VCID-9fgc-p6aq-vygh
7
vulnerability VCID-baa6-3fxe-4udp
8
vulnerability VCID-bzd7-n1ak-mug7
9
vulnerability VCID-j3e7-e9v2-5yh5
10
vulnerability VCID-nk2j-myr2-qfgn
11
vulnerability VCID-sng8-95gj-t7bh
12
vulnerability VCID-tchf-hfgv-e3ca
13
vulnerability VCID-ubr4-jj9v-3kcx
14
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.9.18
3
url pkg:composer/contao/core-bundle@4.9.19
purl pkg:composer/contao/core-bundle@4.9.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-6gfx-t3ns-vuby
4
vulnerability VCID-6rht-mw5a-57gn
5
vulnerability VCID-9fgc-p6aq-vygh
6
vulnerability VCID-bzd7-n1ak-mug7
7
vulnerability VCID-j3e7-e9v2-5yh5
8
vulnerability VCID-nk2j-myr2-qfgn
9
vulnerability VCID-sng8-95gj-t7bh
10
vulnerability VCID-tchf-hfgv-e3ca
11
vulnerability VCID-ubr4-jj9v-3kcx
12
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.9.19
4
url pkg:composer/contao/core-bundle@4.10.0-RC1
purl pkg:composer/contao/core-bundle@4.10.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-37bz-3y5f-k3ca
2
vulnerability VCID-6gfx-t3ns-vuby
3
vulnerability VCID-6rht-mw5a-57gn
4
vulnerability VCID-9fgc-p6aq-vygh
5
vulnerability VCID-j3e7-e9v2-5yh5
6
vulnerability VCID-nk2j-myr2-qfgn
7
vulnerability VCID-sng8-95gj-t7bh
8
vulnerability VCID-tchf-hfgv-e3ca
9
vulnerability VCID-ubr4-jj9v-3kcx
10
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.10.0-RC1
5
url pkg:composer/contao/core-bundle@4.11.7
purl pkg:composer/contao/core-bundle@4.11.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-3ryj-767z-87bq
4
vulnerability VCID-6gfx-t3ns-vuby
5
vulnerability VCID-6rht-mw5a-57gn
6
vulnerability VCID-9fgc-p6aq-vygh
7
vulnerability VCID-baa6-3fxe-4udp
8
vulnerability VCID-bzd7-n1ak-mug7
9
vulnerability VCID-j3e7-e9v2-5yh5
10
vulnerability VCID-nk2j-myr2-qfgn
11
vulnerability VCID-sng8-95gj-t7bh
12
vulnerability VCID-tchf-hfgv-e3ca
13
vulnerability VCID-ubr4-jj9v-3kcx
14
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.11.7
6
url pkg:composer/contao/core-bundle@4.11.8
purl pkg:composer/contao/core-bundle@4.11.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-6gfx-t3ns-vuby
4
vulnerability VCID-6rht-mw5a-57gn
5
vulnerability VCID-9fgc-p6aq-vygh
6
vulnerability VCID-bzd7-n1ak-mug7
7
vulnerability VCID-j3e7-e9v2-5yh5
8
vulnerability VCID-nk2j-myr2-qfgn
9
vulnerability VCID-sng8-95gj-t7bh
10
vulnerability VCID-tchf-hfgv-e3ca
11
vulnerability VCID-ubr4-jj9v-3kcx
12
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.11.8
7
url pkg:composer/contao/core-bundle@4.12.0-RC1
purl pkg:composer/contao/core-bundle@4.12.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-6gfx-t3ns-vuby
4
vulnerability VCID-6rht-mw5a-57gn
5
vulnerability VCID-9fgc-p6aq-vygh
6
vulnerability VCID-bzd7-n1ak-mug7
7
vulnerability VCID-j3e7-e9v2-5yh5
8
vulnerability VCID-nk2j-myr2-qfgn
9
vulnerability VCID-sng8-95gj-t7bh
10
vulnerability VCID-tchf-hfgv-e3ca
11
vulnerability VCID-ubr4-jj9v-3kcx
12
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.12.0-RC1
aliases CVE-2021-37626, GHSA-r6mv-ppjc-4hgr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ryj-767z-87bq
5
url VCID-48eq-peme-jyh7
vulnerability_id VCID-48eq-peme-jyh7
summary Contao Insert tag injection in forms
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-25768
reference_id
reference_type
scores
0
value 0.0031
scoring_system epss
scoring_elements 0.54732
published_at 2026-06-13T12:55:00Z
1
value 0.0031
scoring_system epss
scoring_elements 0.54591
published_at 2026-06-11T12:55:00Z
2
value 0.0031
scoring_system epss
scoring_elements 0.54716
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-25768
1
reference_url https://community.contao.org/en/forumdisplay.php?4-Announcements
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://community.contao.org/en/forumdisplay.php?4-Announcements
2
reference_url https://contao.org/en/security-advisories/insert-tag-injection-in-forms.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://contao.org/en/security-advisories/insert-tag-injection-in-forms.html
3
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-25768
reference_id CVE-2020-25768
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-25768
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2020-25768.yaml
reference_id CVE-2020-25768.YAML
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2020-25768.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2020-25768.yaml
reference_id CVE-2020-25768.YAML
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2020-25768.yaml
7
reference_url https://github.com/advisories/GHSA-f7wm-x4gw-6m23
reference_id GHSA-f7wm-x4gw-6m23
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f7wm-x4gw-6m23
8
reference_url https://github.com/contao/contao/security/advisories/GHSA-f7wm-x4gw-6m23
reference_id GHSA-f7wm-x4gw-6m23
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/security/advisories/GHSA-f7wm-x4gw-6m23
fixed_packages
0
url pkg:composer/contao/core-bundle@4.4.52
purl pkg:composer/contao/core-bundle@4.4.52
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-3ryj-767z-87bq
4
vulnerability VCID-6gfx-t3ns-vuby
5
vulnerability VCID-6rht-mw5a-57gn
6
vulnerability VCID-apv4-1x4w-kkcg
7
vulnerability VCID-baa6-3fxe-4udp
8
vulnerability VCID-bzd7-n1ak-mug7
9
vulnerability VCID-j3e7-e9v2-5yh5
10
vulnerability VCID-nk2j-myr2-qfgn
11
vulnerability VCID-tchf-hfgv-e3ca
12
vulnerability VCID-ubr4-jj9v-3kcx
13
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.4.52
1
url pkg:composer/contao/core-bundle@4.9.6
purl pkg:composer/contao/core-bundle@4.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-3ryj-767z-87bq
4
vulnerability VCID-6gfx-t3ns-vuby
5
vulnerability VCID-6rht-mw5a-57gn
6
vulnerability VCID-apv4-1x4w-kkcg
7
vulnerability VCID-baa6-3fxe-4udp
8
vulnerability VCID-bzd7-n1ak-mug7
9
vulnerability VCID-j3e7-e9v2-5yh5
10
vulnerability VCID-nk2j-myr2-qfgn
11
vulnerability VCID-sng8-95gj-t7bh
12
vulnerability VCID-tchf-hfgv-e3ca
13
vulnerability VCID-tsys-ek4k-z7aw
14
vulnerability VCID-ubr4-jj9v-3kcx
15
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.9.6
2
url pkg:composer/contao/core-bundle@4.10.1
purl pkg:composer/contao/core-bundle@4.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-3ryj-767z-87bq
4
vulnerability VCID-6gfx-t3ns-vuby
5
vulnerability VCID-6rht-mw5a-57gn
6
vulnerability VCID-9fgc-p6aq-vygh
7
vulnerability VCID-apv4-1x4w-kkcg
8
vulnerability VCID-baa6-3fxe-4udp
9
vulnerability VCID-bzd7-n1ak-mug7
10
vulnerability VCID-j3e7-e9v2-5yh5
11
vulnerability VCID-nk2j-myr2-qfgn
12
vulnerability VCID-sng8-95gj-t7bh
13
vulnerability VCID-tchf-hfgv-e3ca
14
vulnerability VCID-tsys-ek4k-z7aw
15
vulnerability VCID-ubr4-jj9v-3kcx
16
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.10.1
aliases CVE-2020-25768, GHSA-f7wm-x4gw-6m23
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-48eq-peme-jyh7
6
url VCID-6gfx-t3ns-vuby
vulnerability_id VCID-6gfx-t3ns-vuby
summary Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, users can inject malicious code in filenames when uploading files (back end and front end), which is then executed in tooltips and popups in the back end. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, remove upload fields from frontend forms and disable uploads for untrusted back end users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28190
reference_id
reference_type
scores
0
value 0.00987
scoring_system epss
scoring_elements 0.77356
published_at 2026-06-13T12:55:00Z
1
value 0.00987
scoring_system epss
scoring_elements 0.77273
published_at 2026-06-11T12:55:00Z
2
value 0.00987
scoring_system epss
scoring_elements 0.77344
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28190
1
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
2
reference_url https://github.com/contao/contao/commit/878d28dbe0f408740555d6fc8b634bd3f8febfce
reference_id 878d28dbe0f408740555d6fc8b634bd3f8febfce
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-09T17:12:31Z/
url https://github.com/contao/contao/commit/878d28dbe0f408740555d6fc8b634bd3f8febfce
3
reference_url https://github.com/contao/contao/commit/b794e14fff070101bf6a885da9b1a83395093b4d
reference_id b794e14fff070101bf6a885da9b1a83395093b4d
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-09T17:12:31Z/
url https://github.com/contao/contao/commit/b794e14fff070101bf6a885da9b1a83395093b4d
4
reference_url https://contao.org/en/security-advisories/cross-site-scripting-in-the-file-manager
reference_id cross-site-scripting-in-the-file-manager
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-09T17:12:31Z/
url https://contao.org/en/security-advisories/cross-site-scripting-in-the-file-manager
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28190
reference_id CVE-2024-28190
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28190
6
reference_url https://github.com/advisories/GHSA-v24p-7p4j-qvvf
reference_id GHSA-v24p-7p4j-qvvf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v24p-7p4j-qvvf
7
reference_url https://github.com/contao/contao/security/advisories/GHSA-v24p-7p4j-qvvf
reference_id GHSA-v24p-7p4j-qvvf
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-09T17:12:31Z/
url https://github.com/contao/contao/security/advisories/GHSA-v24p-7p4j-qvvf
fixed_packages
0
url pkg:composer/contao/core-bundle@4.13.40
purl pkg:composer/contao/core-bundle@4.13.40
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-9fgc-p6aq-vygh
2
vulnerability VCID-gm48-5kg3-r7c8
3
vulnerability VCID-nk2j-myr2-qfgn
4
vulnerability VCID-tchf-hfgv-e3ca
5
vulnerability VCID-ubr4-jj9v-3kcx
6
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.13.40
1
url pkg:composer/contao/core-bundle@5.3.4
purl pkg:composer/contao/core-bundle@5.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-4s26-ndpg-jkcy
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-gm48-5kg3-r7c8
5
vulnerability VCID-tchf-hfgv-e3ca
6
vulnerability VCID-ubr4-jj9v-3kcx
7
vulnerability VCID-vfxq-ytb6-aybb
8
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.3.4
2
url pkg:composer/contao/core-bundle@5.5.4
purl pkg:composer/contao/core-bundle@5.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-4s26-ndpg-jkcy
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-tchf-hfgv-e3ca
5
vulnerability VCID-ubr4-jj9v-3kcx
6
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.5.4
aliases CVE-2024-28190, GHSA-v24p-7p4j-qvvf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6gfx-t3ns-vuby
7
url VCID-6rht-mw5a-57gn
vulnerability_id VCID-6rht-mw5a-57gn
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) in GitHub repository contao/contao prior to 4.13.3. Attacker can execute Malicious JS in Application :)
references
0
reference_url https://huntr.dev/bounties/df46e285-1b7f-403c-8f6c-8819e42deb80
reference_id
reference_type
scores
url https://huntr.dev/bounties/df46e285-1b7f-403c-8f6c-8819e42deb80
1
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/50945.tzt
reference_id CVE-2022-1588
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/50945.tzt
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1588
reference_id CVE-2022-1588
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-1588
fixed_packages
0
url pkg:composer/contao/core-bundle@4.13.3
purl pkg:composer/contao/core-bundle@4.13.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-6gfx-t3ns-vuby
4
vulnerability VCID-9fgc-p6aq-vygh
5
vulnerability VCID-bzd7-n1ak-mug7
6
vulnerability VCID-gm48-5kg3-r7c8
7
vulnerability VCID-j3e7-e9v2-5yh5
8
vulnerability VCID-nk2j-myr2-qfgn
9
vulnerability VCID-sng8-95gj-t7bh
10
vulnerability VCID-tchf-hfgv-e3ca
11
vulnerability VCID-ubr4-jj9v-3kcx
12
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.13.3
1
url pkg:composer/contao/core-bundle@5.5.4
purl pkg:composer/contao/core-bundle@5.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-4s26-ndpg-jkcy
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-tchf-hfgv-e3ca
5
vulnerability VCID-ubr4-jj9v-3kcx
6
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.5.4
aliases CVE-2022-1588
risk_score null
exploitability 2.0
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6rht-mw5a-57gn
8
url VCID-apv4-1x4w-kkcg
vulnerability_id VCID-apv4-1x4w-kkcg
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-35955
reference_id
reference_type
scores
0
value 0.00364
scoring_system epss
scoring_elements 0.58836
published_at 2026-06-11T12:55:00Z
1
value 0.00364
scoring_system epss
scoring_elements 0.58948
published_at 2026-06-12T12:55:00Z
2
value 0.00364
scoring_system epss
scoring_elements 0.58959
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-35955
1
reference_url https://contao.org/en/news/contao-4-9-16-and-4-11-5-are-available.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/contao-4-9-16-and-4-11-5-are-available.html
2
reference_url https://contao.org/en/security-advisories/cross-site-scripting-via-html-attributes-in-the-back-end.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://contao.org/en/security-advisories/cross-site-scripting-via-html-attributes-in-the-back-end.html
3
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
4
reference_url https://github.com/contao/contao/security/advisories/GHSA-hr3h-x6gq-rqcp
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/security/advisories/GHSA-hr3h-x6gq-rqcp
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2021-35955.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2021-35955.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2021-35955.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2021-35955.yaml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-35955
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-35955
8
reference_url https://github.com/advisories/GHSA-hr3h-x6gq-rqcp
reference_id GHSA-hr3h-x6gq-rqcp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hr3h-x6gq-rqcp
fixed_packages
0
url pkg:composer/contao/core-bundle@4.4.56
purl pkg:composer/contao/core-bundle@4.4.56
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-3ryj-767z-87bq
4
vulnerability VCID-6gfx-t3ns-vuby
5
vulnerability VCID-6rht-mw5a-57gn
6
vulnerability VCID-baa6-3fxe-4udp
7
vulnerability VCID-bzd7-n1ak-mug7
8
vulnerability VCID-j3e7-e9v2-5yh5
9
vulnerability VCID-nk2j-myr2-qfgn
10
vulnerability VCID-tchf-hfgv-e3ca
11
vulnerability VCID-ubr4-jj9v-3kcx
12
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.4.56
1
url pkg:composer/contao/core-bundle@4.9.18
purl pkg:composer/contao/core-bundle@4.9.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-3ryj-767z-87bq
4
vulnerability VCID-6gfx-t3ns-vuby
5
vulnerability VCID-6rht-mw5a-57gn
6
vulnerability VCID-9fgc-p6aq-vygh
7
vulnerability VCID-baa6-3fxe-4udp
8
vulnerability VCID-bzd7-n1ak-mug7
9
vulnerability VCID-j3e7-e9v2-5yh5
10
vulnerability VCID-nk2j-myr2-qfgn
11
vulnerability VCID-sng8-95gj-t7bh
12
vulnerability VCID-tchf-hfgv-e3ca
13
vulnerability VCID-ubr4-jj9v-3kcx
14
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.9.18
2
url pkg:composer/contao/core-bundle@4.11.7
purl pkg:composer/contao/core-bundle@4.11.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-3ryj-767z-87bq
4
vulnerability VCID-6gfx-t3ns-vuby
5
vulnerability VCID-6rht-mw5a-57gn
6
vulnerability VCID-9fgc-p6aq-vygh
7
vulnerability VCID-baa6-3fxe-4udp
8
vulnerability VCID-bzd7-n1ak-mug7
9
vulnerability VCID-j3e7-e9v2-5yh5
10
vulnerability VCID-nk2j-myr2-qfgn
11
vulnerability VCID-sng8-95gj-t7bh
12
vulnerability VCID-tchf-hfgv-e3ca
13
vulnerability VCID-ubr4-jj9v-3kcx
14
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.11.7
aliases CVE-2021-35955, GHSA-hr3h-x6gq-rqcp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-apv4-1x4w-kkcg
9
url VCID-baa6-3fxe-4udp
vulnerability_id VCID-baa6-3fxe-4udp
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-37627
reference_id
reference_type
scores
0
value 0.00485
scoring_system epss
scoring_elements 0.65807
published_at 2026-06-11T12:55:00Z
1
value 0.00485
scoring_system epss
scoring_elements 0.65903
published_at 2026-06-12T12:55:00Z
2
value 0.00485
scoring_system epss
scoring_elements 0.65916
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-37627
1
reference_url https://contao.org/en/security-advisories/privilege-escalation-with-the-form-generator.html
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://contao.org/en/security-advisories/privilege-escalation-with-the-form-generator.html
2
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
3
reference_url https://github.com/contao/contao/security/advisories/GHSA-hq5m-mqmx-fw6m
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/security/advisories/GHSA-hq5m-mqmx-fw6m
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2021-37627.yaml
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2021-37627.yaml
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2021-37627.yaml
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2021-37627.yaml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-37627
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-37627
7
reference_url https://github.com/advisories/GHSA-hq5m-mqmx-fw6m
reference_id GHSA-hq5m-mqmx-fw6m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hq5m-mqmx-fw6m
fixed_packages
0
url pkg:composer/contao/core-bundle@4.4.56
purl pkg:composer/contao/core-bundle@4.4.56
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-3ryj-767z-87bq
4
vulnerability VCID-6gfx-t3ns-vuby
5
vulnerability VCID-6rht-mw5a-57gn
6
vulnerability VCID-baa6-3fxe-4udp
7
vulnerability VCID-bzd7-n1ak-mug7
8
vulnerability VCID-j3e7-e9v2-5yh5
9
vulnerability VCID-nk2j-myr2-qfgn
10
vulnerability VCID-tchf-hfgv-e3ca
11
vulnerability VCID-ubr4-jj9v-3kcx
12
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.4.56
1
url pkg:composer/contao/core-bundle@4.5.0-RC1
purl pkg:composer/contao/core-bundle@4.5.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-6gfx-t3ns-vuby
4
vulnerability VCID-6rht-mw5a-57gn
5
vulnerability VCID-bzd7-n1ak-mug7
6
vulnerability VCID-j3e7-e9v2-5yh5
7
vulnerability VCID-nk2j-myr2-qfgn
8
vulnerability VCID-tchf-hfgv-e3ca
9
vulnerability VCID-ubr4-jj9v-3kcx
10
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.5.0-RC1
2
url pkg:composer/contao/core-bundle@4.9.18
purl pkg:composer/contao/core-bundle@4.9.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-3ryj-767z-87bq
4
vulnerability VCID-6gfx-t3ns-vuby
5
vulnerability VCID-6rht-mw5a-57gn
6
vulnerability VCID-9fgc-p6aq-vygh
7
vulnerability VCID-baa6-3fxe-4udp
8
vulnerability VCID-bzd7-n1ak-mug7
9
vulnerability VCID-j3e7-e9v2-5yh5
10
vulnerability VCID-nk2j-myr2-qfgn
11
vulnerability VCID-sng8-95gj-t7bh
12
vulnerability VCID-tchf-hfgv-e3ca
13
vulnerability VCID-ubr4-jj9v-3kcx
14
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.9.18
3
url pkg:composer/contao/core-bundle@4.9.19
purl pkg:composer/contao/core-bundle@4.9.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-6gfx-t3ns-vuby
4
vulnerability VCID-6rht-mw5a-57gn
5
vulnerability VCID-9fgc-p6aq-vygh
6
vulnerability VCID-bzd7-n1ak-mug7
7
vulnerability VCID-j3e7-e9v2-5yh5
8
vulnerability VCID-nk2j-myr2-qfgn
9
vulnerability VCID-sng8-95gj-t7bh
10
vulnerability VCID-tchf-hfgv-e3ca
11
vulnerability VCID-ubr4-jj9v-3kcx
12
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.9.19
4
url pkg:composer/contao/core-bundle@4.10.0-RC1
purl pkg:composer/contao/core-bundle@4.10.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-37bz-3y5f-k3ca
2
vulnerability VCID-6gfx-t3ns-vuby
3
vulnerability VCID-6rht-mw5a-57gn
4
vulnerability VCID-9fgc-p6aq-vygh
5
vulnerability VCID-j3e7-e9v2-5yh5
6
vulnerability VCID-nk2j-myr2-qfgn
7
vulnerability VCID-sng8-95gj-t7bh
8
vulnerability VCID-tchf-hfgv-e3ca
9
vulnerability VCID-ubr4-jj9v-3kcx
10
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.10.0-RC1
5
url pkg:composer/contao/core-bundle@4.11.7
purl pkg:composer/contao/core-bundle@4.11.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-3ryj-767z-87bq
4
vulnerability VCID-6gfx-t3ns-vuby
5
vulnerability VCID-6rht-mw5a-57gn
6
vulnerability VCID-9fgc-p6aq-vygh
7
vulnerability VCID-baa6-3fxe-4udp
8
vulnerability VCID-bzd7-n1ak-mug7
9
vulnerability VCID-j3e7-e9v2-5yh5
10
vulnerability VCID-nk2j-myr2-qfgn
11
vulnerability VCID-sng8-95gj-t7bh
12
vulnerability VCID-tchf-hfgv-e3ca
13
vulnerability VCID-ubr4-jj9v-3kcx
14
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.11.7
6
url pkg:composer/contao/core-bundle@4.11.8
purl pkg:composer/contao/core-bundle@4.11.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-6gfx-t3ns-vuby
4
vulnerability VCID-6rht-mw5a-57gn
5
vulnerability VCID-9fgc-p6aq-vygh
6
vulnerability VCID-bzd7-n1ak-mug7
7
vulnerability VCID-j3e7-e9v2-5yh5
8
vulnerability VCID-nk2j-myr2-qfgn
9
vulnerability VCID-sng8-95gj-t7bh
10
vulnerability VCID-tchf-hfgv-e3ca
11
vulnerability VCID-ubr4-jj9v-3kcx
12
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.11.8
7
url pkg:composer/contao/core-bundle@4.12.0-RC1
purl pkg:composer/contao/core-bundle@4.12.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-6gfx-t3ns-vuby
4
vulnerability VCID-6rht-mw5a-57gn
5
vulnerability VCID-9fgc-p6aq-vygh
6
vulnerability VCID-bzd7-n1ak-mug7
7
vulnerability VCID-j3e7-e9v2-5yh5
8
vulnerability VCID-nk2j-myr2-qfgn
9
vulnerability VCID-sng8-95gj-t7bh
10
vulnerability VCID-tchf-hfgv-e3ca
11
vulnerability VCID-ubr4-jj9v-3kcx
12
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.12.0-RC1
aliases CVE-2021-37627, GHSA-hq5m-mqmx-fw6m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-baa6-3fxe-4udp
10
url VCID-bzd7-n1ak-mug7
vulnerability_id VCID-bzd7-n1ak-mug7
summary Contao is an open source content management system. Prior to versions 4.9.40, 4.13.21, and 5.1.4, logged in users can list arbitrary system files in the file manager by manipulating the Ajax request. However, it is not possible to read the contents of these files. Users should update to Contao 4.9.40, 4.13.21 or 5.1.4 to receive a patch. There are no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29200
reference_id
reference_type
scores
0
value 0.00578
scoring_system epss
scoring_elements 0.69435
published_at 2026-06-13T12:55:00Z
1
value 0.00578
scoring_system epss
scoring_elements 0.69331
published_at 2026-06-11T12:55:00Z
2
value 0.00578
scoring_system epss
scoring_elements 0.69422
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29200
1
reference_url https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager.html
2
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2023-29200.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2023-29200.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29200
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29200
5
reference_url https://github.com/contao/contao/commit/6f3e705f4ff23f4419563d09d8485793569f31df
reference_id 6f3e705f4ff23f4419563d09d8485793569f31df
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:37:07Z/
url https://github.com/contao/contao/commit/6f3e705f4ff23f4419563d09d8485793569f31df
6
reference_url https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager
reference_id directory-traversal-in-the-file-manager
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:37:07Z/
url https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager
7
reference_url https://github.com/advisories/GHSA-fp7q-xhhw-6rj3
reference_id GHSA-fp7q-xhhw-6rj3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fp7q-xhhw-6rj3
8
reference_url https://github.com/contao/contao/security/advisories/GHSA-fp7q-xhhw-6rj3
reference_id GHSA-fp7q-xhhw-6rj3
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:37:07Z/
url https://github.com/contao/contao/security/advisories/GHSA-fp7q-xhhw-6rj3
fixed_packages
0
url pkg:composer/contao/core-bundle@4.9.40
purl pkg:composer/contao/core-bundle@4.9.40
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-6gfx-t3ns-vuby
4
vulnerability VCID-9fgc-p6aq-vygh
5
vulnerability VCID-j3e7-e9v2-5yh5
6
vulnerability VCID-nk2j-myr2-qfgn
7
vulnerability VCID-sng8-95gj-t7bh
8
vulnerability VCID-tchf-hfgv-e3ca
9
vulnerability VCID-ubr4-jj9v-3kcx
10
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.9.40
1
url pkg:composer/contao/core-bundle@4.10.0-RC1
purl pkg:composer/contao/core-bundle@4.10.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-37bz-3y5f-k3ca
2
vulnerability VCID-6gfx-t3ns-vuby
3
vulnerability VCID-6rht-mw5a-57gn
4
vulnerability VCID-9fgc-p6aq-vygh
5
vulnerability VCID-j3e7-e9v2-5yh5
6
vulnerability VCID-nk2j-myr2-qfgn
7
vulnerability VCID-sng8-95gj-t7bh
8
vulnerability VCID-tchf-hfgv-e3ca
9
vulnerability VCID-ubr4-jj9v-3kcx
10
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.10.0-RC1
2
url pkg:composer/contao/core-bundle@4.13.21
purl pkg:composer/contao/core-bundle@4.13.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-6gfx-t3ns-vuby
4
vulnerability VCID-9fgc-p6aq-vygh
5
vulnerability VCID-gm48-5kg3-r7c8
6
vulnerability VCID-j3e7-e9v2-5yh5
7
vulnerability VCID-nk2j-myr2-qfgn
8
vulnerability VCID-sng8-95gj-t7bh
9
vulnerability VCID-tchf-hfgv-e3ca
10
vulnerability VCID-ubr4-jj9v-3kcx
11
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.13.21
3
url pkg:composer/contao/core-bundle@5.0.0-RC1
purl pkg:composer/contao/core-bundle@5.0.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-6gfx-t3ns-vuby
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-j3e7-e9v2-5yh5
4
vulnerability VCID-sng8-95gj-t7bh
5
vulnerability VCID-tchf-hfgv-e3ca
6
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.0.0-RC1
4
url pkg:composer/contao/core-bundle@5.1.4
purl pkg:composer/contao/core-bundle@5.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2vv2-ej4n-jkap
1
vulnerability VCID-37bz-3y5f-k3ca
2
vulnerability VCID-6gfx-t3ns-vuby
3
vulnerability VCID-9fgc-p6aq-vygh
4
vulnerability VCID-bmg9-saw6-efhd
5
vulnerability VCID-gm48-5kg3-r7c8
6
vulnerability VCID-j3e7-e9v2-5yh5
7
vulnerability VCID-sng8-95gj-t7bh
8
vulnerability VCID-tchf-hfgv-e3ca
9
vulnerability VCID-vfxq-ytb6-aybb
10
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.1.4
5
url pkg:composer/contao/core-bundle@5.5.4
purl pkg:composer/contao/core-bundle@5.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-4s26-ndpg-jkcy
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-tchf-hfgv-e3ca
5
vulnerability VCID-ubr4-jj9v-3kcx
6
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.5.4
aliases CVE-2023-29200, GHSA-fp7q-xhhw-6rj3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bzd7-n1ak-mug7
11
url VCID-cyty-bpmd-xyc3
vulnerability_id VCID-cyty-bpmd-xyc3
summary Unrestricted file uploads in Contao
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-19745
reference_id
reference_type
scores
0
value 0.00452
scoring_system epss
scoring_elements 0.64277
published_at 2026-06-12T12:55:00Z
1
value 0.00452
scoring_system epss
scoring_elements 0.6429
published_at 2026-06-13T12:55:00Z
2
value 0.00452
scoring_system epss
scoring_elements 0.64174
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-19745
1
reference_url https://contao.org/en/news.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news.html
2
reference_url https://contao.org/en/security-advisories/unrestricted-file-uploads.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://contao.org/en/security-advisories/unrestricted-file-uploads.html
3
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-19745
reference_id CVE-2019-19745
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-19745
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2019-19745.yaml
reference_id CVE-2019-19745.YAML
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2019-19745.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2019-19745.yaml
reference_id CVE-2019-19745.YAML
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2019-19745.yaml
7
reference_url https://github.com/advisories/GHSA-wjx8-cgrm-hh8p
reference_id GHSA-wjx8-cgrm-hh8p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wjx8-cgrm-hh8p
8
reference_url https://github.com/contao/contao/security/advisories/GHSA-wjx8-cgrm-hh8p
reference_id GHSA-wjx8-cgrm-hh8p
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/security/advisories/GHSA-wjx8-cgrm-hh8p
fixed_packages
0
url pkg:composer/contao/core-bundle@4.4.46
purl pkg:composer/contao/core-bundle@4.4.46
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-3ryj-767z-87bq
4
vulnerability VCID-48eq-peme-jyh7
5
vulnerability VCID-6gfx-t3ns-vuby
6
vulnerability VCID-6rht-mw5a-57gn
7
vulnerability VCID-apv4-1x4w-kkcg
8
vulnerability VCID-baa6-3fxe-4udp
9
vulnerability VCID-bzd7-n1ak-mug7
10
vulnerability VCID-j3e7-e9v2-5yh5
11
vulnerability VCID-nk2j-myr2-qfgn
12
vulnerability VCID-tchf-hfgv-e3ca
13
vulnerability VCID-ubr4-jj9v-3kcx
14
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.4.46
1
url pkg:composer/contao/core-bundle@4.5.0-RC1
purl pkg:composer/contao/core-bundle@4.5.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-6gfx-t3ns-vuby
4
vulnerability VCID-6rht-mw5a-57gn
5
vulnerability VCID-bzd7-n1ak-mug7
6
vulnerability VCID-j3e7-e9v2-5yh5
7
vulnerability VCID-nk2j-myr2-qfgn
8
vulnerability VCID-tchf-hfgv-e3ca
9
vulnerability VCID-ubr4-jj9v-3kcx
10
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.5.0-RC1
2
url pkg:composer/contao/core-bundle@4.8.6
purl pkg:composer/contao/core-bundle@4.8.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-3ryj-767z-87bq
4
vulnerability VCID-6gfx-t3ns-vuby
5
vulnerability VCID-6rht-mw5a-57gn
6
vulnerability VCID-apv4-1x4w-kkcg
7
vulnerability VCID-baa6-3fxe-4udp
8
vulnerability VCID-bzd7-n1ak-mug7
9
vulnerability VCID-j3e7-e9v2-5yh5
10
vulnerability VCID-nk2j-myr2-qfgn
11
vulnerability VCID-tchf-hfgv-e3ca
12
vulnerability VCID-tsys-ek4k-z7aw
13
vulnerability VCID-ubr4-jj9v-3kcx
14
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.8.6
3
url pkg:composer/contao/core-bundle@5.5.4
purl pkg:composer/contao/core-bundle@5.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-4s26-ndpg-jkcy
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-tchf-hfgv-e3ca
5
vulnerability VCID-ubr4-jj9v-3kcx
6
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.5.4
aliases CVE-2019-19745, GHSA-wjx8-cgrm-hh8p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cyty-bpmd-xyc3
12
url VCID-dgnu-4z5a-1bf7
vulnerability_id VCID-dgnu-4z5a-1bf7
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11512
reference_id
reference_type
scores
0
value 0.00307
scoring_system epss
scoring_elements 0.54322
published_at 2026-06-11T12:55:00Z
1
value 0.00307
scoring_system epss
scoring_elements 0.54449
published_at 2026-06-12T12:55:00Z
2
value 0.00307
scoring_system epss
scoring_elements 0.54464
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11512
1
reference_url https://contao.org/en/news/security-vulnerability-cve-2019-11512.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/security-vulnerability-cve-2019-11512.html
2
reference_url https://github.com/contao/contao/commit/87d92f823b08b91a0aeb522284537c8afcdb8aba
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/87d92f823b08b91a0aeb522284537c8afcdb8aba
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2019-11512.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2019-11512.yaml
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2019-11512.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2019-11512.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-11512
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-11512
6
reference_url https://github.com/advisories/GHSA-vq59-x6mq-4wgw
reference_id GHSA-vq59-x6mq-4wgw
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vq59-x6mq-4wgw
fixed_packages
0
url pkg:composer/contao/core-bundle@4.4.39
purl pkg:composer/contao/core-bundle@4.4.39
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-3ryj-767z-87bq
4
vulnerability VCID-48eq-peme-jyh7
5
vulnerability VCID-6gfx-t3ns-vuby
6
vulnerability VCID-6rht-mw5a-57gn
7
vulnerability VCID-apv4-1x4w-kkcg
8
vulnerability VCID-baa6-3fxe-4udp
9
vulnerability VCID-bzd7-n1ak-mug7
10
vulnerability VCID-cyty-bpmd-xyc3
11
vulnerability VCID-j3e7-e9v2-5yh5
12
vulnerability VCID-nk2j-myr2-qfgn
13
vulnerability VCID-p4zh-cenk-rkff
14
vulnerability VCID-tchf-hfgv-e3ca
15
vulnerability VCID-ubr4-jj9v-3kcx
16
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.4.39
1
url pkg:composer/contao/core-bundle@4.7.5
purl pkg:composer/contao/core-bundle@4.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-3ryj-767z-87bq
4
vulnerability VCID-6gfx-t3ns-vuby
5
vulnerability VCID-6rht-mw5a-57gn
6
vulnerability VCID-apv4-1x4w-kkcg
7
vulnerability VCID-baa6-3fxe-4udp
8
vulnerability VCID-bzd7-n1ak-mug7
9
vulnerability VCID-cyty-bpmd-xyc3
10
vulnerability VCID-j3e7-e9v2-5yh5
11
vulnerability VCID-nk2j-myr2-qfgn
12
vulnerability VCID-p4zh-cenk-rkff
13
vulnerability VCID-tchf-hfgv-e3ca
14
vulnerability VCID-tsys-ek4k-z7aw
15
vulnerability VCID-ubr4-jj9v-3kcx
16
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.7.5
aliases CVE-2019-11512, GHSA-vq59-x6mq-4wgw
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dgnu-4z5a-1bf7
13
url VCID-j3e7-e9v2-5yh5
vulnerability_id VCID-j3e7-e9v2-5yh5
summary Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, it is possible to inject insert tags in frontend forms if the output is structured in a very specific way. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, do not output user data from frontend forms next to each other, always separate them by at least one character.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28191
reference_id
reference_type
scores
0
value 0.00961
scoring_system epss
scoring_elements 0.76994
published_at 2026-06-12T12:55:00Z
1
value 0.00961
scoring_system epss
scoring_elements 0.77008
published_at 2026-06-13T12:55:00Z
2
value 0.00988
scoring_system epss
scoring_elements 0.7728
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28191
1
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
2
reference_url https://github.com/contao/contao/commit/388859dcf110ca70e0fae68a2a5579ab6a702919
reference_id 388859dcf110ca70e0fae68a2a5579ab6a702919
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-29T16:07:38Z/
url https://github.com/contao/contao/commit/388859dcf110ca70e0fae68a2a5579ab6a702919
3
reference_url https://github.com/contao/contao/commit/474a2fc25f1d84d786aba8c6d234af99e64d016b
reference_id 474a2fc25f1d84d786aba8c6d234af99e64d016b
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-29T16:07:38Z/
url https://github.com/contao/contao/commit/474a2fc25f1d84d786aba8c6d234af99e64d016b
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28191
reference_id CVE-2024-28191
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28191
5
reference_url https://github.com/advisories/GHSA-747v-52c4-8vj8
reference_id GHSA-747v-52c4-8vj8
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-747v-52c4-8vj8
6
reference_url https://github.com/contao/contao/security/advisories/GHSA-747v-52c4-8vj8
reference_id GHSA-747v-52c4-8vj8
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-29T16:07:38Z/
url https://github.com/contao/contao/security/advisories/GHSA-747v-52c4-8vj8
7
reference_url https://contao.org/en/security-advisories/insert-tag-injection-via-the-form-generator
reference_id insert-tag-injection-via-the-form-generator
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-29T16:07:38Z/
url https://contao.org/en/security-advisories/insert-tag-injection-via-the-form-generator
fixed_packages
0
url pkg:composer/contao/core-bundle@4.13.40
purl pkg:composer/contao/core-bundle@4.13.40
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-9fgc-p6aq-vygh
2
vulnerability VCID-gm48-5kg3-r7c8
3
vulnerability VCID-nk2j-myr2-qfgn
4
vulnerability VCID-tchf-hfgv-e3ca
5
vulnerability VCID-ubr4-jj9v-3kcx
6
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.13.40
1
url pkg:composer/contao/core-bundle@5.3.4
purl pkg:composer/contao/core-bundle@5.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-4s26-ndpg-jkcy
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-gm48-5kg3-r7c8
5
vulnerability VCID-tchf-hfgv-e3ca
6
vulnerability VCID-ubr4-jj9v-3kcx
7
vulnerability VCID-vfxq-ytb6-aybb
8
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.3.4
2
url pkg:composer/contao/core-bundle@5.5.4
purl pkg:composer/contao/core-bundle@5.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-4s26-ndpg-jkcy
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-tchf-hfgv-e3ca
5
vulnerability VCID-ubr4-jj9v-3kcx
6
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.5.4
aliases CVE-2024-28191, GHSA-747v-52c4-8vj8
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j3e7-e9v2-5yh5
14
url VCID-nk2j-myr2-qfgn
vulnerability_id VCID-nk2j-myr2-qfgn
summary Contao is an Open Source CMS. In affected versions authenticated users in the back end can list files outside the document root in the file selector widget. Users are advised to update to Contao 4.13.49. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45604
reference_id
reference_type
scores
0
value 0.00747
scoring_system epss
scoring_elements 0.73531
published_at 2026-06-11T12:55:00Z
1
value 0.00747
scoring_system epss
scoring_elements 0.7362
published_at 2026-06-13T12:55:00Z
2
value 0.00747
scoring_system epss
scoring_elements 0.73606
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45604
1
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
2
reference_url https://github.com/contao/contao/commit/63409c6bdfd95197d9906e229d765b630d45742e
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/63409c6bdfd95197d9906e229d765b630d45742e
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45604
reference_id CVE-2024-45604
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45604
4
reference_url https://contao.org/en/security-advisories/directory-traversal-in-the-fileselector-widget
reference_id directory-traversal-in-the-fileselector-widget
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T13:09:34Z/
url https://contao.org/en/security-advisories/directory-traversal-in-the-fileselector-widget
5
reference_url https://github.com/advisories/GHSA-4p75-5p53-65m9
reference_id GHSA-4p75-5p53-65m9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4p75-5p53-65m9
6
reference_url https://github.com/contao/contao/security/advisories/GHSA-4p75-5p53-65m9
reference_id GHSA-4p75-5p53-65m9
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T13:09:34Z/
url https://github.com/contao/contao/security/advisories/GHSA-4p75-5p53-65m9
fixed_packages
0
url pkg:composer/contao/core-bundle@4.13.49
purl pkg:composer/contao/core-bundle@4.13.49
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-9fgc-p6aq-vygh
2
vulnerability VCID-tchf-hfgv-e3ca
3
vulnerability VCID-ubr4-jj9v-3kcx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.13.49
1
url pkg:composer/contao/core-bundle@5.0.0-RC1
purl pkg:composer/contao/core-bundle@5.0.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-6gfx-t3ns-vuby
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-j3e7-e9v2-5yh5
4
vulnerability VCID-sng8-95gj-t7bh
5
vulnerability VCID-tchf-hfgv-e3ca
6
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.0.0-RC1
aliases CVE-2024-45604, GHSA-4p75-5p53-65m9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nk2j-myr2-qfgn
15
url VCID-p4zh-cenk-rkff
vulnerability_id VCID-p4zh-cenk-rkff
summary Information disclosure in the Contao backend
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-19712
reference_id
reference_type
scores
0
value 0.00133
scoring_system epss
scoring_elements 0.32662
published_at 2026-06-12T12:55:00Z
1
value 0.00133
scoring_system epss
scoring_elements 0.32683
published_at 2026-06-13T12:55:00Z
2
value 0.00133
scoring_system epss
scoring_elements 0.32481
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-19712
1
reference_url https://contao.org/en/news.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news.html
2
reference_url https://contao.org/en/security-advisories/information-disclosure-in-the-back-end.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://contao.org/en/security-advisories/information-disclosure-in-the-back-end.html
3
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-19712
reference_id CVE-2019-19712
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-19712
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2019-19712.yaml
reference_id CVE-2019-19712.YAML
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2019-19712.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2019-19712.yaml
reference_id CVE-2019-19712.YAML
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2019-19712.yaml
7
reference_url https://github.com/advisories/GHSA-4mvc-qc5w-v5qr
reference_id GHSA-4mvc-qc5w-v5qr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4mvc-qc5w-v5qr
8
reference_url https://github.com/contao/contao/security/advisories/GHSA-4mvc-qc5w-v5qr
reference_id GHSA-4mvc-qc5w-v5qr
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/security/advisories/GHSA-4mvc-qc5w-v5qr
fixed_packages
0
url pkg:composer/contao/core-bundle@4.4.46
purl pkg:composer/contao/core-bundle@4.4.46
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-3ryj-767z-87bq
4
vulnerability VCID-48eq-peme-jyh7
5
vulnerability VCID-6gfx-t3ns-vuby
6
vulnerability VCID-6rht-mw5a-57gn
7
vulnerability VCID-apv4-1x4w-kkcg
8
vulnerability VCID-baa6-3fxe-4udp
9
vulnerability VCID-bzd7-n1ak-mug7
10
vulnerability VCID-j3e7-e9v2-5yh5
11
vulnerability VCID-nk2j-myr2-qfgn
12
vulnerability VCID-tchf-hfgv-e3ca
13
vulnerability VCID-ubr4-jj9v-3kcx
14
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.4.46
1
url pkg:composer/contao/core-bundle@4.5.0-RC1
purl pkg:composer/contao/core-bundle@4.5.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-6gfx-t3ns-vuby
4
vulnerability VCID-6rht-mw5a-57gn
5
vulnerability VCID-bzd7-n1ak-mug7
6
vulnerability VCID-j3e7-e9v2-5yh5
7
vulnerability VCID-nk2j-myr2-qfgn
8
vulnerability VCID-tchf-hfgv-e3ca
9
vulnerability VCID-ubr4-jj9v-3kcx
10
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.5.0-RC1
2
url pkg:composer/contao/core-bundle@4.8.6
purl pkg:composer/contao/core-bundle@4.8.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-3ryj-767z-87bq
4
vulnerability VCID-6gfx-t3ns-vuby
5
vulnerability VCID-6rht-mw5a-57gn
6
vulnerability VCID-apv4-1x4w-kkcg
7
vulnerability VCID-baa6-3fxe-4udp
8
vulnerability VCID-bzd7-n1ak-mug7
9
vulnerability VCID-j3e7-e9v2-5yh5
10
vulnerability VCID-nk2j-myr2-qfgn
11
vulnerability VCID-tchf-hfgv-e3ca
12
vulnerability VCID-tsys-ek4k-z7aw
13
vulnerability VCID-ubr4-jj9v-3kcx
14
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.8.6
3
url pkg:composer/contao/core-bundle@5.5.4
purl pkg:composer/contao/core-bundle@5.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-4s26-ndpg-jkcy
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-tchf-hfgv-e3ca
5
vulnerability VCID-ubr4-jj9v-3kcx
6
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.5.4
aliases CVE-2019-19712, GHSA-4mvc-qc5w-v5qr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p4zh-cenk-rkff
16
url VCID-tchf-hfgv-e3ca
vulnerability_id VCID-tchf-hfgv-e3ca
summary Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, back end users with precise control over the contents of template closures can execute arbitrary PHP functions that do not have required parameters. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A workaround for this issue involves manually patching the Contao\Template::once() method.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-65960
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05784
published_at 2026-06-12T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05775
published_at 2026-06-13T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05759
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-65960
1
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
2
reference_url https://github.com/contao/contao/commit/577d7fdd5b1ca84f65f034ff556865422f0a3bd1
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/577d7fdd5b1ca84f65f034ff556865422f0a3bd1
3
reference_url https://github.com/contao/contao/commit/676f0855d39007ac9a0dbe7ae6a7414cba2312a5
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/676f0855d39007ac9a0dbe7ae6a7414cba2312a5
4
reference_url https://github.com/contao/contao/commit/ebf84c90e5679a67060f396b924ce4a3c3f206b3
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/ebf84c90e5679a67060f396b924ce4a3c3f206b3
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-65960
reference_id CVE-2025-65960
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-65960
6
reference_url https://github.com/advisories/GHSA-98vj-mm79-v77r
reference_id GHSA-98vj-mm79-v77r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-98vj-mm79-v77r
7
reference_url https://github.com/contao/contao/security/advisories/GHSA-98vj-mm79-v77r
reference_id GHSA-98vj-mm79-v77r
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-25T19:59:53Z/
url https://github.com/contao/contao/security/advisories/GHSA-98vj-mm79-v77r
8
reference_url https://contao.org/en/security-advisories/remote-code-execution-in-template-closures
reference_id remote-code-execution-in-template-closures
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-25T19:59:53Z/
url https://contao.org/en/security-advisories/remote-code-execution-in-template-closures
fixed_packages
0
url pkg:composer/contao/core-bundle@4.13.57
purl pkg:composer/contao/core-bundle@4.13.57
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.13.57
1
url pkg:composer/contao/core-bundle@5.3.42
purl pkg:composer/contao/core-bundle@5.3.42
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.3.42
2
url pkg:composer/contao/core-bundle@5.6.5
purl pkg:composer/contao/core-bundle@5.6.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.6.5
aliases CVE-2025-65960, GHSA-98vj-mm79-v77r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tchf-hfgv-e3ca
17
url VCID-ubr4-jj9v-3kcx
vulnerability_id VCID-ubr4-jj9v-3kcx
summary Contao is an Open Source CMS. Users can upload SVG files with malicious code, which is then executed in the back end and/or front end. This vulnerability is fixed in Contao 4.13.54, 5.3.30, or 5.5.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-29790
reference_id
reference_type
scores
0
value 0.00533
scoring_system epss
scoring_elements 0.67826
published_at 2026-06-11T12:55:00Z
1
value 0.00533
scoring_system epss
scoring_elements 0.67928
published_at 2026-06-13T12:55:00Z
2
value 0.00533
scoring_system epss
scoring_elements 0.67915
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-29790
1
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-29790
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-29790
3
reference_url https://contao.org/en/security-advisories/cross-site-scripting-through-svg-uploads
reference_id cross-site-scripting-through-svg-uploads
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-18T18:48:29Z/
url https://contao.org/en/security-advisories/cross-site-scripting-through-svg-uploads
4
reference_url https://github.com/advisories/GHSA-vqqr-fgmh-f626
reference_id GHSA-vqqr-fgmh-f626
reference_type
scores
url https://github.com/advisories/GHSA-vqqr-fgmh-f626
5
reference_url https://github.com/contao/contao/security/advisories/GHSA-vqqr-fgmh-f626
reference_id GHSA-vqqr-fgmh-f626
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-18T18:48:29Z/
url https://github.com/contao/contao/security/advisories/GHSA-vqqr-fgmh-f626
fixed_packages
0
url pkg:composer/contao/core-bundle@4.13.54
purl pkg:composer/contao/core-bundle@4.13.54
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-9fgc-p6aq-vygh
2
vulnerability VCID-tchf-hfgv-e3ca
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.13.54
1
url pkg:composer/contao/core-bundle@5.0.0-RC1
purl pkg:composer/contao/core-bundle@5.0.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-6gfx-t3ns-vuby
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-j3e7-e9v2-5yh5
4
vulnerability VCID-sng8-95gj-t7bh
5
vulnerability VCID-tchf-hfgv-e3ca
6
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.0.0-RC1
2
url pkg:composer/contao/core-bundle@5.3.30
purl pkg:composer/contao/core-bundle@5.3.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-4s26-ndpg-jkcy
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-tchf-hfgv-e3ca
5
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.3.30
3
url pkg:composer/contao/core-bundle@5.4.0-RC1
purl pkg:composer/contao/core-bundle@5.4.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-4s26-ndpg-jkcy
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-tchf-hfgv-e3ca
5
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.4.0-RC1
4
url pkg:composer/contao/core-bundle@5.5.6
purl pkg:composer/contao/core-bundle@5.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-4s26-ndpg-jkcy
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-tchf-hfgv-e3ca
5
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.5.6
aliases CVE-2025-29790, GHSA-vqqr-fgmh-f626
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ubr4-jj9v-3kcx
18
url VCID-vfxq-ytb6-aybb
vulnerability_id VCID-vfxq-ytb6-aybb
summary Contao is an Open Source CMS. In affected versions a back end user with access to the file manager can upload malicious files and execute them on the server. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to update are advised to configure their web server so it does not execute PHP files and other scripts in the Contao file upload directory.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45398
reference_id
reference_type
scores
0
value 0.00211
scoring_system epss
scoring_elements 0.43904
published_at 2026-06-12T12:55:00Z
1
value 0.00211
scoring_system epss
scoring_elements 0.43924
published_at 2026-06-13T12:55:00Z
2
value 0.00211
scoring_system epss
scoring_elements 0.43749
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45398
1
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
2
reference_url https://github.com/contao/contao/commit/9445d509f12a7f1b68a4794dcc5e3e459b363ebb
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/9445d509f12a7f1b68a4794dcc5e3e459b363ebb
3
reference_url https://github.com/contao/contao/commit/a7e39f96ac8fdc281f7caaa96e01deb0e24ac7d3
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/a7e39f96ac8fdc281f7caaa96e01deb0e24ac7d3
4
reference_url https://github.com/contao/contao/commit/f3db59ffe5a6c0e1f705b3230ebd5ff16865280e
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/f3db59ffe5a6c0e1f705b3230ebd5ff16865280e
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45398
reference_id CVE-2024-45398
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45398
6
reference_url https://github.com/advisories/GHSA-vm6r-j788-hjh5
reference_id GHSA-vm6r-j788-hjh5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vm6r-j788-hjh5
7
reference_url https://github.com/contao/contao/security/advisories/GHSA-vm6r-j788-hjh5
reference_id GHSA-vm6r-j788-hjh5
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-18T13:14:03Z/
url https://github.com/contao/contao/security/advisories/GHSA-vm6r-j788-hjh5
8
reference_url https://contao.org/en/security-advisories/remote-command-execution-through-file-uploads
reference_id remote-command-execution-through-file-uploads
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-18T13:14:03Z/
url https://contao.org/en/security-advisories/remote-command-execution-through-file-uploads
fixed_packages
0
url pkg:composer/contao/core-bundle@4.13.49
purl pkg:composer/contao/core-bundle@4.13.49
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-9fgc-p6aq-vygh
2
vulnerability VCID-tchf-hfgv-e3ca
3
vulnerability VCID-ubr4-jj9v-3kcx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.13.49
1
url pkg:composer/contao/core-bundle@5.0.0-RC1
purl pkg:composer/contao/core-bundle@5.0.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-6gfx-t3ns-vuby
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-j3e7-e9v2-5yh5
4
vulnerability VCID-sng8-95gj-t7bh
5
vulnerability VCID-tchf-hfgv-e3ca
6
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.0.0-RC1
2
url pkg:composer/contao/core-bundle@5.3.15
purl pkg:composer/contao/core-bundle@5.3.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-4s26-ndpg-jkcy
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-tchf-hfgv-e3ca
5
vulnerability VCID-ubr4-jj9v-3kcx
6
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.3.15
3
url pkg:composer/contao/core-bundle@5.4.0-RC1
purl pkg:composer/contao/core-bundle@5.4.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-4s26-ndpg-jkcy
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-tchf-hfgv-e3ca
5
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.4.0-RC1
4
url pkg:composer/contao/core-bundle@5.4.3
purl pkg:composer/contao/core-bundle@5.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-4s26-ndpg-jkcy
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-tchf-hfgv-e3ca
5
vulnerability VCID-ubr4-jj9v-3kcx
6
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.4.3
5
url pkg:composer/contao/core-bundle@5.5.4
purl pkg:composer/contao/core-bundle@5.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-4s26-ndpg-jkcy
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-tchf-hfgv-e3ca
5
vulnerability VCID-ubr4-jj9v-3kcx
6
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.5.4
aliases CVE-2024-45398, GHSA-vm6r-j788-hjh5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vfxq-ytb6-aybb
19
url VCID-y4v8-uegv-t3fm
vulnerability_id VCID-y4v8-uegv-t3fm
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10641
reference_id
reference_type
scores
0
value 0.00266
scoring_system epss
scoring_elements 0.50397
published_at 2026-06-11T12:55:00Z
1
value 0.00266
scoring_system epss
scoring_elements 0.50529
published_at 2026-06-12T12:55:00Z
2
value 0.00266
scoring_system epss
scoring_elements 0.50547
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10641
1
reference_url https://contao.org/en/news/security-vulnerability-cve-2019-10641.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/security-vulnerability-cve-2019-10641.html
2
reference_url https://github.com/contao/contao/commit/74c7dfafa0dfa5363a9463b486522d5d526e28fe
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/74c7dfafa0dfa5363a9463b486522d5d526e28fe
3
reference_url https://github.com/contao/contao/commit/b92e27bc7c9e59226077937f840c74ffd0f672e8
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/b92e27bc7c9e59226077937f840c74ffd0f672e8
4
reference_url https://github.com/contao/core/commit/119a1b5bd9e62d27ca2838727084d04f3b7fcd32
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/contao/core/commit/119a1b5bd9e62d27ca2838727084d04f3b7fcd32
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2019-10641.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2019-10641.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2019-10641.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2019-10641.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2019-10641.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2019-10641.yaml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10641
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10641
9
reference_url https://github.com/advisories/GHSA-vcgg-hp4r-87gx
reference_id GHSA-vcgg-hp4r-87gx
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vcgg-hp4r-87gx
fixed_packages
0
url pkg:composer/contao/core-bundle@4.4.37
purl pkg:composer/contao/core-bundle@4.4.37
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-3ryj-767z-87bq
4
vulnerability VCID-48eq-peme-jyh7
5
vulnerability VCID-6gfx-t3ns-vuby
6
vulnerability VCID-6rht-mw5a-57gn
7
vulnerability VCID-apv4-1x4w-kkcg
8
vulnerability VCID-baa6-3fxe-4udp
9
vulnerability VCID-bzd7-n1ak-mug7
10
vulnerability VCID-cyty-bpmd-xyc3
11
vulnerability VCID-dgnu-4z5a-1bf7
12
vulnerability VCID-j3e7-e9v2-5yh5
13
vulnerability VCID-nk2j-myr2-qfgn
14
vulnerability VCID-p4zh-cenk-rkff
15
vulnerability VCID-tchf-hfgv-e3ca
16
vulnerability VCID-ubr4-jj9v-3kcx
17
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.4.37
1
url pkg:composer/contao/core-bundle@4.7.3
purl pkg:composer/contao/core-bundle@4.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-3ryj-767z-87bq
4
vulnerability VCID-6gfx-t3ns-vuby
5
vulnerability VCID-6rht-mw5a-57gn
6
vulnerability VCID-apv4-1x4w-kkcg
7
vulnerability VCID-baa6-3fxe-4udp
8
vulnerability VCID-bzd7-n1ak-mug7
9
vulnerability VCID-cyty-bpmd-xyc3
10
vulnerability VCID-dgnu-4z5a-1bf7
11
vulnerability VCID-j3e7-e9v2-5yh5
12
vulnerability VCID-nk2j-myr2-qfgn
13
vulnerability VCID-p4zh-cenk-rkff
14
vulnerability VCID-tchf-hfgv-e3ca
15
vulnerability VCID-tsys-ek4k-z7aw
16
vulnerability VCID-ubr4-jj9v-3kcx
17
vulnerability VCID-vfxq-ytb6-aybb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.7.3
aliases CVE-2019-10641, GHSA-vcgg-hp4r-87gx
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y4v8-uegv-t3fm
Fixing_vulnerabilities
0
url VCID-2tyq-my7z-u7gt
vulnerability_id VCID-2tyq-my7z-u7gt
summary Cross-site Scripting in Contao
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-10125
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.56172
published_at 2026-06-11T12:55:00Z
1
value 0.00328
scoring_system epss
scoring_elements 0.56306
published_at 2026-06-13T12:55:00Z
2
value 0.00328
scoring_system epss
scoring_elements 0.56291
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-10125
1
reference_url https://contao.org/en/news/contao-3_5_35.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/contao-3_5_35.html
2
reference_url https://contao.org/en/news/contao-4_4_18.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/contao-4_4_18.html
3
reference_url https://contao.org/en/security-advisories/cross-site-scripting-in-the-system-log.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://contao.org/en/security-advisories/cross-site-scripting-in-the-system-log.html
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-10125
reference_id CVE-2018-10125
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-10125
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2018-10125.yaml
reference_id CVE-2018-10125.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2018-10125.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2018-10125.yaml
reference_id CVE-2018-10125.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2018-10125.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2018-10125.yaml
reference_id CVE-2018-10125.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core/CVE-2018-10125.yaml
8
reference_url https://github.com/advisories/GHSA-pj4j-287j-f742
reference_id GHSA-pj4j-287j-f742
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pj4j-287j-f742
fixed_packages
0
url pkg:composer/contao/core-bundle@3.5.35
purl pkg:composer/contao/core-bundle@3.5.35
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@3.5.35
1
url pkg:composer/contao/core-bundle@4.4.17
purl pkg:composer/contao/core-bundle@4.4.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1711-b1vf-7ueh
1
vulnerability VCID-2hkz-2zs1-syga
2
vulnerability VCID-2vv2-ej4n-jkap
3
vulnerability VCID-37bz-3y5f-k3ca
4
vulnerability VCID-3ryj-767z-87bq
5
vulnerability VCID-48eq-peme-jyh7
6
vulnerability VCID-6gfx-t3ns-vuby
7
vulnerability VCID-6rht-mw5a-57gn
8
vulnerability VCID-apv4-1x4w-kkcg
9
vulnerability VCID-baa6-3fxe-4udp
10
vulnerability VCID-bzd7-n1ak-mug7
11
vulnerability VCID-cyty-bpmd-xyc3
12
vulnerability VCID-dgnu-4z5a-1bf7
13
vulnerability VCID-j3e7-e9v2-5yh5
14
vulnerability VCID-nk2j-myr2-qfgn
15
vulnerability VCID-p4zh-cenk-rkff
16
vulnerability VCID-tchf-hfgv-e3ca
17
vulnerability VCID-ubr4-jj9v-3kcx
18
vulnerability VCID-vfxq-ytb6-aybb
19
vulnerability VCID-y4v8-uegv-t3fm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.4.17
2
url pkg:composer/contao/core-bundle@4.4.18
purl pkg:composer/contao/core-bundle@4.4.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1711-b1vf-7ueh
1
vulnerability VCID-2hkz-2zs1-syga
2
vulnerability VCID-2vv2-ej4n-jkap
3
vulnerability VCID-37bz-3y5f-k3ca
4
vulnerability VCID-3ryj-767z-87bq
5
vulnerability VCID-48eq-peme-jyh7
6
vulnerability VCID-6gfx-t3ns-vuby
7
vulnerability VCID-6rht-mw5a-57gn
8
vulnerability VCID-apv4-1x4w-kkcg
9
vulnerability VCID-baa6-3fxe-4udp
10
vulnerability VCID-bzd7-n1ak-mug7
11
vulnerability VCID-cyty-bpmd-xyc3
12
vulnerability VCID-dgnu-4z5a-1bf7
13
vulnerability VCID-j3e7-e9v2-5yh5
14
vulnerability VCID-nk2j-myr2-qfgn
15
vulnerability VCID-p4zh-cenk-rkff
16
vulnerability VCID-tchf-hfgv-e3ca
17
vulnerability VCID-ubr4-jj9v-3kcx
18
vulnerability VCID-vfxq-ytb6-aybb
19
vulnerability VCID-y4v8-uegv-t3fm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.4.18
3
url pkg:composer/contao/core-bundle@4.5.7
purl pkg:composer/contao/core-bundle@4.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-3ryj-767z-87bq
4
vulnerability VCID-6gfx-t3ns-vuby
5
vulnerability VCID-6rht-mw5a-57gn
6
vulnerability VCID-apv4-1x4w-kkcg
7
vulnerability VCID-baa6-3fxe-4udp
8
vulnerability VCID-bzd7-n1ak-mug7
9
vulnerability VCID-cyty-bpmd-xyc3
10
vulnerability VCID-dgnu-4z5a-1bf7
11
vulnerability VCID-j3e7-e9v2-5yh5
12
vulnerability VCID-nk2j-myr2-qfgn
13
vulnerability VCID-p4zh-cenk-rkff
14
vulnerability VCID-tchf-hfgv-e3ca
15
vulnerability VCID-tsys-ek4k-z7aw
16
vulnerability VCID-ubr4-jj9v-3kcx
17
vulnerability VCID-vfxq-ytb6-aybb
18
vulnerability VCID-y4v8-uegv-t3fm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.5.7
4
url pkg:composer/contao/core-bundle@4.5.8
purl pkg:composer/contao/core-bundle@4.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2hkz-2zs1-syga
1
vulnerability VCID-2vv2-ej4n-jkap
2
vulnerability VCID-37bz-3y5f-k3ca
3
vulnerability VCID-3ryj-767z-87bq
4
vulnerability VCID-6gfx-t3ns-vuby
5
vulnerability VCID-6rht-mw5a-57gn
6
vulnerability VCID-apv4-1x4w-kkcg
7
vulnerability VCID-baa6-3fxe-4udp
8
vulnerability VCID-bzd7-n1ak-mug7
9
vulnerability VCID-cyty-bpmd-xyc3
10
vulnerability VCID-dgnu-4z5a-1bf7
11
vulnerability VCID-j3e7-e9v2-5yh5
12
vulnerability VCID-nk2j-myr2-qfgn
13
vulnerability VCID-p4zh-cenk-rkff
14
vulnerability VCID-tchf-hfgv-e3ca
15
vulnerability VCID-tsys-ek4k-z7aw
16
vulnerability VCID-ubr4-jj9v-3kcx
17
vulnerability VCID-vfxq-ytb6-aybb
18
vulnerability VCID-y4v8-uegv-t3fm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.5.8
aliases CVE-2018-10125, GHSA-pj4j-287j-f742
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2tyq-my7z-u7gt
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@4.4.17