Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/contao/core-bundle@5.0.3
Typecomposer
Namespacecontao
Namecore-bundle
Version5.0.3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.3.42
Latest_non_vulnerable_version5.6.5
Affected_by_vulnerabilities
0
url VCID-2vv2-ej4n-jkap
vulnerability_id VCID-2vv2-ej4n-jkap
summary Contao is an open source content management system. Starting in version 4.0.0 and prior to versions 4.9.42, 4.13.28, and 5.1.10, it is possible for untrusted backend users to inject malicious code into headline fields in the back end, which will be executed both in the element preview (back end) and on the website (front end). Installations are only affected if there are untrusted back end users who have the rights to modify headline fields, or other fields using the input unit widget. Contao 4.9.42, 4.13.28, and 5.1.10 have a patch for this issue. As a workaround, disable the login for all untrusted back end users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-36806
reference_id
reference_type
scores
0
value 0.00384
scoring_system epss
scoring_elements 0.6018
published_at 2026-06-12T12:55:00Z
1
value 0.00384
scoring_system epss
scoring_elements 0.60072
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-36806
1
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
2
reference_url https://herolab.usd.de/security-advisories/usd-2023-0020
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://herolab.usd.de/security-advisories/usd-2023-0020
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-36806
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-36806
4
reference_url https://github.com/contao/contao/commit/5c9aff32cfc1f7dc452a045862ac2f86a6b9b4b4
reference_id 5c9aff32cfc1f7dc452a045862ac2f86a6b9b4b4
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-23T18:55:31Z/
url https://github.com/contao/contao/commit/5c9aff32cfc1f7dc452a045862ac2f86a6b9b4b4
5
reference_url https://github.com/contao/contao/commit/c98585d36baa25fda69c062421e7e7eadc53c82b
reference_id c98585d36baa25fda69c062421e7e7eadc53c82b
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-23T18:55:31Z/
url https://github.com/contao/contao/commit/c98585d36baa25fda69c062421e7e7eadc53c82b
6
reference_url https://github.com/contao/contao/commit/ccb64c777eb0f9c0e6490c9135d80e915d37cd32
reference_id ccb64c777eb0f9c0e6490c9135d80e915d37cd32
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-23T18:55:31Z/
url https://github.com/contao/contao/commit/ccb64c777eb0f9c0e6490c9135d80e915d37cd32
7
reference_url https://github.com/advisories/GHSA-4gpr-p634-922x
reference_id GHSA-4gpr-p634-922x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4gpr-p634-922x
8
reference_url https://github.com/contao/contao/security/advisories/GHSA-4gpr-p634-922x
reference_id GHSA-4gpr-p634-922x
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-23T18:55:31Z/
url https://github.com/contao/contao/security/advisories/GHSA-4gpr-p634-922x
9
reference_url https://herolab.usd.de/security-advisories/usd-2023-0020/
reference_id usd-2023-0020
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-23T18:55:31Z/
url https://herolab.usd.de/security-advisories/usd-2023-0020/
fixed_packages
0
url pkg:composer/contao/core-bundle@5.1.10
purl pkg:composer/contao/core-bundle@5.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-6gfx-t3ns-vuby
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-gm48-5kg3-r7c8
5
vulnerability VCID-j3e7-e9v2-5yh5
6
vulnerability VCID-sng8-95gj-t7bh
7
vulnerability VCID-tchf-hfgv-e3ca
8
vulnerability VCID-vfxq-ytb6-aybb
9
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.1.10
1
url pkg:composer/contao/core-bundle@5.2.0-RC1
purl pkg:composer/contao/core-bundle@5.2.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-6gfx-t3ns-vuby
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-gm48-5kg3-r7c8
5
vulnerability VCID-j3e7-e9v2-5yh5
6
vulnerability VCID-sng8-95gj-t7bh
7
vulnerability VCID-tchf-hfgv-e3ca
8
vulnerability VCID-vfxq-ytb6-aybb
9
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.2.0-RC1
aliases CVE-2023-36806, GHSA-4gpr-p634-922x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2vv2-ej4n-jkap
1
url VCID-37bz-3y5f-k3ca
vulnerability_id VCID-37bz-3y5f-k3ca
summary Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, it is possible to inject code into the template output that will be executed in the browser in the front end and back end. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A workaround for this issue involves not using the affected templates or patch them manually.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-65961
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05734
published_at 2026-06-11T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05758
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-65961
1
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
2
reference_url https://contao.org/en/security-advisories/cross-site-scripting-in-templates
reference_id cross-site-scripting-in-templates
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:53Z/
url https://contao.org/en/security-advisories/cross-site-scripting-in-templates
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-65961
reference_id CVE-2025-65961
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-65961
4
reference_url https://github.com/advisories/GHSA-68q5-78xp-cwwc
reference_id GHSA-68q5-78xp-cwwc
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-68q5-78xp-cwwc
5
reference_url https://github.com/contao/contao/security/advisories/GHSA-68q5-78xp-cwwc
reference_id GHSA-68q5-78xp-cwwc
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:53Z/
url https://github.com/contao/contao/security/advisories/GHSA-68q5-78xp-cwwc
fixed_packages
0
url pkg:composer/contao/core-bundle@5.3.42
purl pkg:composer/contao/core-bundle@5.3.42
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.3.42
1
url pkg:composer/contao/core-bundle@5.6.5
purl pkg:composer/contao/core-bundle@5.6.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.6.5
aliases CVE-2025-65961, GHSA-68q5-78xp-cwwc
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-37bz-3y5f-k3ca
2
url VCID-6gfx-t3ns-vuby
vulnerability_id VCID-6gfx-t3ns-vuby
summary Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, users can inject malicious code in filenames when uploading files (back end and front end), which is then executed in tooltips and popups in the back end. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, remove upload fields from frontend forms and disable uploads for untrusted back end users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28190
reference_id
reference_type
scores
0
value 0.00987
scoring_system epss
scoring_elements 0.77344
published_at 2026-06-12T12:55:00Z
1
value 0.00987
scoring_system epss
scoring_elements 0.77273
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28190
1
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
2
reference_url https://github.com/contao/contao/commit/878d28dbe0f408740555d6fc8b634bd3f8febfce
reference_id 878d28dbe0f408740555d6fc8b634bd3f8febfce
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-09T17:12:31Z/
url https://github.com/contao/contao/commit/878d28dbe0f408740555d6fc8b634bd3f8febfce
3
reference_url https://github.com/contao/contao/commit/b794e14fff070101bf6a885da9b1a83395093b4d
reference_id b794e14fff070101bf6a885da9b1a83395093b4d
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-09T17:12:31Z/
url https://github.com/contao/contao/commit/b794e14fff070101bf6a885da9b1a83395093b4d
4
reference_url https://contao.org/en/security-advisories/cross-site-scripting-in-the-file-manager
reference_id cross-site-scripting-in-the-file-manager
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-09T17:12:31Z/
url https://contao.org/en/security-advisories/cross-site-scripting-in-the-file-manager
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28190
reference_id CVE-2024-28190
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28190
6
reference_url https://github.com/advisories/GHSA-v24p-7p4j-qvvf
reference_id GHSA-v24p-7p4j-qvvf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v24p-7p4j-qvvf
7
reference_url https://github.com/contao/contao/security/advisories/GHSA-v24p-7p4j-qvvf
reference_id GHSA-v24p-7p4j-qvvf
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-09T17:12:31Z/
url https://github.com/contao/contao/security/advisories/GHSA-v24p-7p4j-qvvf
fixed_packages
0
url pkg:composer/contao/core-bundle@5.3.4
purl pkg:composer/contao/core-bundle@5.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-4s26-ndpg-jkcy
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-gm48-5kg3-r7c8
5
vulnerability VCID-tchf-hfgv-e3ca
6
vulnerability VCID-ubr4-jj9v-3kcx
7
vulnerability VCID-vfxq-ytb6-aybb
8
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.3.4
1
url pkg:composer/contao/core-bundle@5.5.4
purl pkg:composer/contao/core-bundle@5.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-4s26-ndpg-jkcy
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-tchf-hfgv-e3ca
5
vulnerability VCID-ubr4-jj9v-3kcx
6
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.5.4
aliases CVE-2024-28190, GHSA-v24p-7p4j-qvvf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6gfx-t3ns-vuby
3
url VCID-9fgc-p6aq-vygh
vulnerability_id VCID-9fgc-p6aq-vygh
summary Contao is an Open Source CMS. In versions starting from 4.9.14 and prior to 4.13.56, 5.3.38, and 5.6.1, protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. This issue has been patched in versions 4.13.56, 5.3.38, and 5.6.1. A workaround involves disabling the front end search.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-57756
reference_id
reference_type
scores
0
value 0.00066
scoring_system epss
scoring_elements 0.20744
published_at 2026-06-11T12:55:00Z
1
value 0.00066
scoring_system epss
scoring_elements 0.2092
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-57756
1
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-57756
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-57756
3
reference_url https://github.com/contao/contao/commit/a03976c459b6f3985a28f6488b82a76ffb6c0514
reference_id a03976c459b6f3985a28f6488b82a76ffb6c0514
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:49:20Z/
url https://github.com/contao/contao/commit/a03976c459b6f3985a28f6488b82a76ffb6c0514
4
reference_url https://github.com/advisories/GHSA-2xmj-8wmq-7475
reference_id GHSA-2xmj-8wmq-7475
reference_type
scores
url https://github.com/advisories/GHSA-2xmj-8wmq-7475
5
reference_url https://github.com/contao/contao/security/advisories/GHSA-2xmj-8wmq-7475
reference_id GHSA-2xmj-8wmq-7475
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:49:20Z/
url https://github.com/contao/contao/security/advisories/GHSA-2xmj-8wmq-7475
6
reference_url https://contao.org/en/security-advisories/information-disclosure-in-the-front-end-search-index
reference_id information-disclosure-in-the-front-end-search-index
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:49:20Z/
url https://contao.org/en/security-advisories/information-disclosure-in-the-front-end-search-index
fixed_packages
0
url pkg:composer/contao/core-bundle@5.3.38
purl pkg:composer/contao/core-bundle@5.3.38
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-tchf-hfgv-e3ca
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.3.38
1
url pkg:composer/contao/core-bundle@5.6.1
purl pkg:composer/contao/core-bundle@5.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-tchf-hfgv-e3ca
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.6.1
aliases CVE-2025-57756, GHSA-2xmj-8wmq-7475
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9fgc-p6aq-vygh
4
url VCID-bmg9-saw6-efhd
vulnerability_id VCID-bmg9-saw6-efhd
summary Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, the table access voter in the back end doesn't check if a user is allowed to access the corresponding module. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not relying solely on the voter and additionally to check USER_CAN_ACCESS_MODULE.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-57758
reference_id
reference_type
scores
0
value 0.00062
scoring_system epss
scoring_elements 0.19632
published_at 2026-06-11T12:55:00Z
1
value 0.00062
scoring_system epss
scoring_elements 0.19808
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-57758
1
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-57758
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-57758
3
reference_url https://github.com/contao/contao/commit/3f05c603e1c94d34819f837f060df5d66447d0d7
reference_id 3f05c603e1c94d34819f837f060df5d66447d0d7
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:19:56Z/
url https://github.com/contao/contao/commit/3f05c603e1c94d34819f837f060df5d66447d0d7
4
reference_url https://github.com/advisories/GHSA-7m47-r75r-cx8v
reference_id GHSA-7m47-r75r-cx8v
reference_type
scores
url https://github.com/advisories/GHSA-7m47-r75r-cx8v
5
reference_url https://github.com/contao/contao/security/advisories/GHSA-7m47-r75r-cx8v
reference_id GHSA-7m47-r75r-cx8v
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:19:56Z/
url https://github.com/contao/contao/security/advisories/GHSA-7m47-r75r-cx8v
6
reference_url https://contao.org/en/security-advisories/improper-access-control-in-the-back-end-voters
reference_id improper-access-control-in-the-back-end-voters
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:19:56Z/
url https://contao.org/en/security-advisories/improper-access-control-in-the-back-end-voters
fixed_packages
0
url pkg:composer/contao/core-bundle@5.3.38
purl pkg:composer/contao/core-bundle@5.3.38
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-tchf-hfgv-e3ca
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.3.38
1
url pkg:composer/contao/core-bundle@5.6.1
purl pkg:composer/contao/core-bundle@5.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-tchf-hfgv-e3ca
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.6.1
aliases CVE-2025-57758, GHSA-7m47-r75r-cx8v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bmg9-saw6-efhd
5
url VCID-bzd7-n1ak-mug7
vulnerability_id VCID-bzd7-n1ak-mug7
summary Contao is an open source content management system. Prior to versions 4.9.40, 4.13.21, and 5.1.4, logged in users can list arbitrary system files in the file manager by manipulating the Ajax request. However, it is not possible to read the contents of these files. Users should update to Contao 4.9.40, 4.13.21 or 5.1.4 to receive a patch. There are no known workarounds.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-29200
reference_id
reference_type
scores
0
value 0.00578
scoring_system epss
scoring_elements 0.69422
published_at 2026-06-12T12:55:00Z
1
value 0.00578
scoring_system epss
scoring_elements 0.69331
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-29200
1
reference_url https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager.html
2
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2023-29200.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2023-29200.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-29200
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-29200
5
reference_url https://github.com/contao/contao/commit/6f3e705f4ff23f4419563d09d8485793569f31df
reference_id 6f3e705f4ff23f4419563d09d8485793569f31df
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:37:07Z/
url https://github.com/contao/contao/commit/6f3e705f4ff23f4419563d09d8485793569f31df
6
reference_url https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager
reference_id directory-traversal-in-the-file-manager
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:37:07Z/
url https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager
7
reference_url https://github.com/advisories/GHSA-fp7q-xhhw-6rj3
reference_id GHSA-fp7q-xhhw-6rj3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fp7q-xhhw-6rj3
8
reference_url https://github.com/contao/contao/security/advisories/GHSA-fp7q-xhhw-6rj3
reference_id GHSA-fp7q-xhhw-6rj3
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-03T19:37:07Z/
url https://github.com/contao/contao/security/advisories/GHSA-fp7q-xhhw-6rj3
fixed_packages
0
url pkg:composer/contao/core-bundle@5.1.4
purl pkg:composer/contao/core-bundle@5.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2vv2-ej4n-jkap
1
vulnerability VCID-37bz-3y5f-k3ca
2
vulnerability VCID-6gfx-t3ns-vuby
3
vulnerability VCID-9fgc-p6aq-vygh
4
vulnerability VCID-bmg9-saw6-efhd
5
vulnerability VCID-gm48-5kg3-r7c8
6
vulnerability VCID-j3e7-e9v2-5yh5
7
vulnerability VCID-sng8-95gj-t7bh
8
vulnerability VCID-tchf-hfgv-e3ca
9
vulnerability VCID-vfxq-ytb6-aybb
10
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.1.4
1
url pkg:composer/contao/core-bundle@5.5.4
purl pkg:composer/contao/core-bundle@5.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-4s26-ndpg-jkcy
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-tchf-hfgv-e3ca
5
vulnerability VCID-ubr4-jj9v-3kcx
6
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.5.4
aliases CVE-2023-29200, GHSA-fp7q-xhhw-6rj3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bzd7-n1ak-mug7
6
url VCID-gm48-5kg3-r7c8
vulnerability_id VCID-gm48-5kg3-r7c8
summary Contao is an Open Source CMS. In affected versions an untrusted user can inject insert tags into the canonical tag, which are then replaced on the web page (front end). Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to upgrade should disable canonical tags in the root page settings.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45612
reference_id
reference_type
scores
0
value 0.0055
scoring_system epss
scoring_elements 0.6844
published_at 2026-06-11T12:55:00Z
1
value 0.0055
scoring_system epss
scoring_elements 0.68528
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45612
1
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
2
reference_url https://github.com/contao/contao/commit/1c28e9ac7a7b915134962a59681a8701a44ccbe2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/1c28e9ac7a7b915134962a59681a8701a44ccbe2
3
reference_url https://github.com/contao/contao/commit/d105224e14ddc84f27cd8802b553369decdcbe66
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/d105224e14ddc84f27cd8802b553369decdcbe66
4
reference_url https://github.com/contao/contao/commit/ffe05cda5310dc2bd259d1391197f3849dab8590
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/ffe05cda5310dc2bd259d1391197f3849dab8590
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45612
reference_id CVE-2024-45612
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45612
6
reference_url https://github.com/advisories/GHSA-2xpq-xp6c-5mgj
reference_id GHSA-2xpq-xp6c-5mgj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2xpq-xp6c-5mgj
7
reference_url https://github.com/contao/contao/security/advisories/GHSA-2xpq-xp6c-5mgj
reference_id GHSA-2xpq-xp6c-5mgj
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-18T14:06:58Z/
url https://github.com/contao/contao/security/advisories/GHSA-2xpq-xp6c-5mgj
8
reference_url https://contao.org/en/security-advisories/insert-tag-injection-via-canonical-urls
reference_id insert-tag-injection-via-canonical-urls
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-18T14:06:58Z/
url https://contao.org/en/security-advisories/insert-tag-injection-via-canonical-urls
fixed_packages
0
url pkg:composer/contao/core-bundle@5.3.15
purl pkg:composer/contao/core-bundle@5.3.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-4s26-ndpg-jkcy
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-tchf-hfgv-e3ca
5
vulnerability VCID-ubr4-jj9v-3kcx
6
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.3.15
1
url pkg:composer/contao/core-bundle@5.4.0-RC1
purl pkg:composer/contao/core-bundle@5.4.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-4s26-ndpg-jkcy
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-tchf-hfgv-e3ca
5
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.4.0-RC1
2
url pkg:composer/contao/core-bundle@5.4.3
purl pkg:composer/contao/core-bundle@5.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-4s26-ndpg-jkcy
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-tchf-hfgv-e3ca
5
vulnerability VCID-ubr4-jj9v-3kcx
6
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.4.3
3
url pkg:composer/contao/core-bundle@5.5.4
purl pkg:composer/contao/core-bundle@5.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-4s26-ndpg-jkcy
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-tchf-hfgv-e3ca
5
vulnerability VCID-ubr4-jj9v-3kcx
6
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.5.4
aliases CVE-2024-45612, GHSA-2xpq-xp6c-5mgj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gm48-5kg3-r7c8
7
url VCID-j3e7-e9v2-5yh5
vulnerability_id VCID-j3e7-e9v2-5yh5
summary Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, it is possible to inject insert tags in frontend forms if the output is structured in a very specific way. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, do not output user data from frontend forms next to each other, always separate them by at least one character.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28191
reference_id
reference_type
scores
0
value 0.00961
scoring_system epss
scoring_elements 0.76994
published_at 2026-06-12T12:55:00Z
1
value 0.00988
scoring_system epss
scoring_elements 0.7728
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28191
1
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
2
reference_url https://github.com/contao/contao/commit/388859dcf110ca70e0fae68a2a5579ab6a702919
reference_id 388859dcf110ca70e0fae68a2a5579ab6a702919
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-29T16:07:38Z/
url https://github.com/contao/contao/commit/388859dcf110ca70e0fae68a2a5579ab6a702919
3
reference_url https://github.com/contao/contao/commit/474a2fc25f1d84d786aba8c6d234af99e64d016b
reference_id 474a2fc25f1d84d786aba8c6d234af99e64d016b
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-29T16:07:38Z/
url https://github.com/contao/contao/commit/474a2fc25f1d84d786aba8c6d234af99e64d016b
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28191
reference_id CVE-2024-28191
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28191
5
reference_url https://github.com/advisories/GHSA-747v-52c4-8vj8
reference_id GHSA-747v-52c4-8vj8
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-747v-52c4-8vj8
6
reference_url https://github.com/contao/contao/security/advisories/GHSA-747v-52c4-8vj8
reference_id GHSA-747v-52c4-8vj8
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-29T16:07:38Z/
url https://github.com/contao/contao/security/advisories/GHSA-747v-52c4-8vj8
7
reference_url https://contao.org/en/security-advisories/insert-tag-injection-via-the-form-generator
reference_id insert-tag-injection-via-the-form-generator
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-29T16:07:38Z/
url https://contao.org/en/security-advisories/insert-tag-injection-via-the-form-generator
fixed_packages
0
url pkg:composer/contao/core-bundle@5.3.4
purl pkg:composer/contao/core-bundle@5.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-4s26-ndpg-jkcy
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-gm48-5kg3-r7c8
5
vulnerability VCID-tchf-hfgv-e3ca
6
vulnerability VCID-ubr4-jj9v-3kcx
7
vulnerability VCID-vfxq-ytb6-aybb
8
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.3.4
1
url pkg:composer/contao/core-bundle@5.5.4
purl pkg:composer/contao/core-bundle@5.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-4s26-ndpg-jkcy
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-tchf-hfgv-e3ca
5
vulnerability VCID-ubr4-jj9v-3kcx
6
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.5.4
aliases CVE-2024-28191, GHSA-747v-52c4-8vj8
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j3e7-e9v2-5yh5
8
url VCID-sng8-95gj-t7bh
vulnerability_id VCID-sng8-95gj-t7bh
summary Contao is an open source content management system. Starting in version 4.9.0 and prior to versions 4.13.40 and 5.3.4, when checking for broken links on protected pages, Contao sends the cookie header to external urls as well, the passed options for the http client are used for all requests. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, disable crawling protected pages.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28235
reference_id
reference_type
scores
0
value 0.00414
scoring_system epss
scoring_elements 0.62153
published_at 2026-06-12T12:55:00Z
1
value 0.00414
scoring_system epss
scoring_elements 0.62052
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28235
1
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
2
reference_url https://github.com/contao/contao/commit/73a2770e2d3535ec9f1b03d54be00e56ebb8ff16
reference_id 73a2770e2d3535ec9f1b03d54be00e56ebb8ff16
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-10T19:31:57Z/
url https://github.com/contao/contao/commit/73a2770e2d3535ec9f1b03d54be00e56ebb8ff16
3
reference_url https://github.com/contao/contao/commit/79b7620d01ce8f46ce2b331455e0d95e5208de3d
reference_id 79b7620d01ce8f46ce2b331455e0d95e5208de3d
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-10T19:31:57Z/
url https://github.com/contao/contao/commit/79b7620d01ce8f46ce2b331455e0d95e5208de3d
4
reference_url https://github.com/contao/contao/blob/14e9ef4bc8b82936ba2d0e04164581145a075e2a/core-bundle/src/Resources/contao/classes/Crawl.php#L129
reference_id Crawl.php#L129
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-10T19:31:57Z/
url https://github.com/contao/contao/blob/14e9ef4bc8b82936ba2d0e04164581145a075e2a/core-bundle/src/Resources/contao/classes/Crawl.php#L129
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28235
reference_id CVE-2024-28235
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28235
6
reference_url https://github.com/advisories/GHSA-9jh5-qf84-x6pr
reference_id GHSA-9jh5-qf84-x6pr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9jh5-qf84-x6pr
7
reference_url https://github.com/contao/contao/security/advisories/GHSA-9jh5-qf84-x6pr
reference_id GHSA-9jh5-qf84-x6pr
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-10T19:31:57Z/
url https://github.com/contao/contao/security/advisories/GHSA-9jh5-qf84-x6pr
8
reference_url https://contao.org/en/security-advisories/session-cookie-disclosure-in-the-crawler
reference_id session-cookie-disclosure-in-the-crawler
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-10T19:31:57Z/
url https://contao.org/en/security-advisories/session-cookie-disclosure-in-the-crawler
fixed_packages
0
url pkg:composer/contao/core-bundle@5.3.4
purl pkg:composer/contao/core-bundle@5.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-4s26-ndpg-jkcy
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-gm48-5kg3-r7c8
5
vulnerability VCID-tchf-hfgv-e3ca
6
vulnerability VCID-ubr4-jj9v-3kcx
7
vulnerability VCID-vfxq-ytb6-aybb
8
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.3.4
1
url pkg:composer/contao/core-bundle@5.5.4
purl pkg:composer/contao/core-bundle@5.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-4s26-ndpg-jkcy
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-tchf-hfgv-e3ca
5
vulnerability VCID-ubr4-jj9v-3kcx
6
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.5.4
aliases CVE-2024-28235, GHSA-9jh5-qf84-x6pr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sng8-95gj-t7bh
9
url VCID-tchf-hfgv-e3ca
vulnerability_id VCID-tchf-hfgv-e3ca
summary Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, back end users with precise control over the contents of template closures can execute arbitrary PHP functions that do not have required parameters. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A workaround for this issue involves manually patching the Contao\Template::once() method.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-65960
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05759
published_at 2026-06-11T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05784
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-65960
1
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
2
reference_url https://github.com/contao/contao/commit/577d7fdd5b1ca84f65f034ff556865422f0a3bd1
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/577d7fdd5b1ca84f65f034ff556865422f0a3bd1
3
reference_url https://github.com/contao/contao/commit/676f0855d39007ac9a0dbe7ae6a7414cba2312a5
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/676f0855d39007ac9a0dbe7ae6a7414cba2312a5
4
reference_url https://github.com/contao/contao/commit/ebf84c90e5679a67060f396b924ce4a3c3f206b3
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/ebf84c90e5679a67060f396b924ce4a3c3f206b3
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-65960
reference_id CVE-2025-65960
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-65960
6
reference_url https://github.com/advisories/GHSA-98vj-mm79-v77r
reference_id GHSA-98vj-mm79-v77r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-98vj-mm79-v77r
7
reference_url https://github.com/contao/contao/security/advisories/GHSA-98vj-mm79-v77r
reference_id GHSA-98vj-mm79-v77r
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-25T19:59:53Z/
url https://github.com/contao/contao/security/advisories/GHSA-98vj-mm79-v77r
8
reference_url https://contao.org/en/security-advisories/remote-code-execution-in-template-closures
reference_id remote-code-execution-in-template-closures
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-25T19:59:53Z/
url https://contao.org/en/security-advisories/remote-code-execution-in-template-closures
fixed_packages
0
url pkg:composer/contao/core-bundle@5.3.42
purl pkg:composer/contao/core-bundle@5.3.42
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.3.42
1
url pkg:composer/contao/core-bundle@5.6.5
purl pkg:composer/contao/core-bundle@5.6.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.6.5
aliases CVE-2025-65960, GHSA-98vj-mm79-v77r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tchf-hfgv-e3ca
10
url VCID-vfxq-ytb6-aybb
vulnerability_id VCID-vfxq-ytb6-aybb
summary Contao is an Open Source CMS. In affected versions a back end user with access to the file manager can upload malicious files and execute them on the server. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to update are advised to configure their web server so it does not execute PHP files and other scripts in the Contao file upload directory.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45398
reference_id
reference_type
scores
0
value 0.00211
scoring_system epss
scoring_elements 0.43749
published_at 2026-06-11T12:55:00Z
1
value 0.00211
scoring_system epss
scoring_elements 0.43904
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45398
1
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
2
reference_url https://github.com/contao/contao/commit/9445d509f12a7f1b68a4794dcc5e3e459b363ebb
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/9445d509f12a7f1b68a4794dcc5e3e459b363ebb
3
reference_url https://github.com/contao/contao/commit/a7e39f96ac8fdc281f7caaa96e01deb0e24ac7d3
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/a7e39f96ac8fdc281f7caaa96e01deb0e24ac7d3
4
reference_url https://github.com/contao/contao/commit/f3db59ffe5a6c0e1f705b3230ebd5ff16865280e
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/f3db59ffe5a6c0e1f705b3230ebd5ff16865280e
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45398
reference_id CVE-2024-45398
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45398
6
reference_url https://github.com/advisories/GHSA-vm6r-j788-hjh5
reference_id GHSA-vm6r-j788-hjh5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vm6r-j788-hjh5
7
reference_url https://github.com/contao/contao/security/advisories/GHSA-vm6r-j788-hjh5
reference_id GHSA-vm6r-j788-hjh5
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-18T13:14:03Z/
url https://github.com/contao/contao/security/advisories/GHSA-vm6r-j788-hjh5
8
reference_url https://contao.org/en/security-advisories/remote-command-execution-through-file-uploads
reference_id remote-command-execution-through-file-uploads
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-18T13:14:03Z/
url https://contao.org/en/security-advisories/remote-command-execution-through-file-uploads
fixed_packages
0
url pkg:composer/contao/core-bundle@5.3.15
purl pkg:composer/contao/core-bundle@5.3.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-4s26-ndpg-jkcy
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-tchf-hfgv-e3ca
5
vulnerability VCID-ubr4-jj9v-3kcx
6
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.3.15
1
url pkg:composer/contao/core-bundle@5.4.0-RC1
purl pkg:composer/contao/core-bundle@5.4.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-4s26-ndpg-jkcy
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-tchf-hfgv-e3ca
5
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.4.0-RC1
2
url pkg:composer/contao/core-bundle@5.4.3
purl pkg:composer/contao/core-bundle@5.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-4s26-ndpg-jkcy
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-tchf-hfgv-e3ca
5
vulnerability VCID-ubr4-jj9v-3kcx
6
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.4.3
3
url pkg:composer/contao/core-bundle@5.5.4
purl pkg:composer/contao/core-bundle@5.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-4s26-ndpg-jkcy
2
vulnerability VCID-9fgc-p6aq-vygh
3
vulnerability VCID-bmg9-saw6-efhd
4
vulnerability VCID-tchf-hfgv-e3ca
5
vulnerability VCID-ubr4-jj9v-3kcx
6
vulnerability VCID-w65y-66s4-qbgy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.5.4
aliases CVE-2024-45398, GHSA-vm6r-j788-hjh5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vfxq-ytb6-aybb
11
url VCID-w65y-66s4-qbgy
vulnerability_id VCID-w65y-66s4-qbgy
summary Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not adding protected news archives to the news feed page.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-57757
reference_id
reference_type
scores
0
value 0.00078
scoring_system epss
scoring_elements 0.232
published_at 2026-06-11T12:55:00Z
1
value 0.00078
scoring_system epss
scoring_elements 0.23394
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-57757
1
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-57757
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-57757
3
reference_url https://github.com/contao/contao/commit/e75f46b11974fbf7a4652e65c19ad6ca84c59271
reference_id e75f46b11974fbf7a4652e65c19ad6ca84c59271
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:45:40Z/
url https://github.com/contao/contao/commit/e75f46b11974fbf7a4652e65c19ad6ca84c59271
4
reference_url https://github.com/advisories/GHSA-w53m-gxvg-vx7p
reference_id GHSA-w53m-gxvg-vx7p
reference_type
scores
url https://github.com/advisories/GHSA-w53m-gxvg-vx7p
5
reference_url https://github.com/contao/contao/security/advisories/GHSA-w53m-gxvg-vx7p
reference_id GHSA-w53m-gxvg-vx7p
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:45:40Z/
url https://github.com/contao/contao/security/advisories/GHSA-w53m-gxvg-vx7p
6
reference_url https://contao.org/en/security-advisories/information-disclosure-in-the-news-module
reference_id information-disclosure-in-the-news-module
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:45:40Z/
url https://contao.org/en/security-advisories/information-disclosure-in-the-news-module
fixed_packages
0
url pkg:composer/contao/core-bundle@5.3.38
purl pkg:composer/contao/core-bundle@5.3.38
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-tchf-hfgv-e3ca
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.3.38
1
url pkg:composer/contao/core-bundle@5.6.1
purl pkg:composer/contao/core-bundle@5.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37bz-3y5f-k3ca
1
vulnerability VCID-tchf-hfgv-e3ca
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.6.1
aliases CVE-2025-57757, GHSA-w53m-gxvg-vx7p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w65y-66s4-qbgy
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.0.3