Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/contao/core-bundle@5.3.3
Typecomposer
Namespacecontao
Namecore-bundle
Version5.3.3
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.3.42
Latest_non_vulnerable_version5.6.5
Affected_by_vulnerabilities
0
url VCID-2w7m-mb7e-tqe6
vulnerability_id VCID-2w7m-mb7e-tqe6
summary 
Contao Vulnerable to Cross-Site Scripting (XSS) through SVG uploads
Users can upload SVG files with malicious code, which is then executed in the back end and/or front end.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-29790
reference_id
reference_type
scores
0
value 0.00533
scoring_system epss
scoring_elements 0.67772
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-29790
1
reference_url https://contao.org/en/security-advisories/cross-site-scripting-through-svg-uploads
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-18T18:48:29Z/
url https://contao.org/en/security-advisories/cross-site-scripting-through-svg-uploads
2
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-29790
reference_id CVE-2025-29790
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-29790
4
reference_url https://github.com/advisories/GHSA-vqqr-fgmh-f626
reference_id GHSA-vqqr-fgmh-f626
reference_type
scores
url https://github.com/advisories/GHSA-vqqr-fgmh-f626
5
reference_url https://github.com/contao/contao/security/advisories/GHSA-vqqr-fgmh-f626
reference_id GHSA-vqqr-fgmh-f626
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-18T18:48:29Z/
url https://github.com/contao/contao/security/advisories/GHSA-vqqr-fgmh-f626
fixed_packages
0
url pkg:composer/contao/core-bundle@5.3.30
purl pkg:composer/contao/core-bundle@5.3.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-afma-748j-uqae
1
vulnerability VCID-f1az-1ejn-53f7
2
vulnerability VCID-p4tq-y4en-57ag
3
vulnerability VCID-r1h5-ag74-dbaw
4
vulnerability VCID-wyd5-t8at-8bba
5
vulnerability VCID-ycnh-mnst-duap
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.3.30
1
url pkg:composer/contao/core-bundle@5.4.0-RC1
purl pkg:composer/contao/core-bundle@5.4.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-afma-748j-uqae
1
vulnerability VCID-f1az-1ejn-53f7
2
vulnerability VCID-p4tq-y4en-57ag
3
vulnerability VCID-r1h5-ag74-dbaw
4
vulnerability VCID-wyd5-t8at-8bba
5
vulnerability VCID-ycnh-mnst-duap
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.4.0-RC1
2
url pkg:composer/contao/core-bundle@5.5.6
purl pkg:composer/contao/core-bundle@5.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-afma-748j-uqae
1
vulnerability VCID-f1az-1ejn-53f7
2
vulnerability VCID-p4tq-y4en-57ag
3
vulnerability VCID-r1h5-ag74-dbaw
4
vulnerability VCID-wyd5-t8at-8bba
5
vulnerability VCID-ycnh-mnst-duap
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.5.6
aliases CVE-2025-29790, GHSA-vqqr-fgmh-f626
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2w7m-mb7e-tqe6
1
url VCID-afma-748j-uqae
vulnerability_id VCID-afma-748j-uqae
summary 
Contao can disclose sensitive information in the news module
If a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-57757
reference_id
reference_type
scores
0
value 0.00078
scoring_system epss
scoring_elements 0.23271
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-57757
1
reference_url https://contao.org/en/security-advisories/information-disclosure-in-the-news-module
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:45:40Z/
url https://contao.org/en/security-advisories/information-disclosure-in-the-news-module
2
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
3
reference_url https://github.com/contao/contao/commit/e75f46b11974fbf7a4652e65c19ad6ca84c59271
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:45:40Z/
url https://github.com/contao/contao/commit/e75f46b11974fbf7a4652e65c19ad6ca84c59271
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-57757
reference_id CVE-2025-57757
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-57757
5
reference_url https://github.com/advisories/GHSA-w53m-gxvg-vx7p
reference_id GHSA-w53m-gxvg-vx7p
reference_type
scores
url https://github.com/advisories/GHSA-w53m-gxvg-vx7p
6
reference_url https://github.com/contao/contao/security/advisories/GHSA-w53m-gxvg-vx7p
reference_id GHSA-w53m-gxvg-vx7p
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:45:40Z/
url https://github.com/contao/contao/security/advisories/GHSA-w53m-gxvg-vx7p
fixed_packages
0
url pkg:composer/contao/core-bundle@5.3.38
purl pkg:composer/contao/core-bundle@5.3.38
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r1h5-ag74-dbaw
1
vulnerability VCID-wyd5-t8at-8bba
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.3.38
1
url pkg:composer/contao/core-bundle@5.6.1
purl pkg:composer/contao/core-bundle@5.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r1h5-ag74-dbaw
1
vulnerability VCID-wyd5-t8at-8bba
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.6.1
aliases CVE-2025-57757, GHSA-w53m-gxvg-vx7p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-afma-748j-uqae
2
url VCID-f1az-1ejn-53f7
vulnerability_id VCID-f1az-1ejn-53f7
summary 
Contao discloses sensitive information in the front end search index
Protected content elements that are rendered as fragments are indexed and become publicly available in the front end search.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-57756
reference_id
reference_type
scores
0
value 0.00066
scoring_system epss
scoring_elements 0.20802
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-57756
1
reference_url https://contao.org/en/security-advisories/information-disclosure-in-the-front-end-search-index
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:49:20Z/
url https://contao.org/en/security-advisories/information-disclosure-in-the-front-end-search-index
2
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
3
reference_url https://github.com/contao/contao/commit/a03976c459b6f3985a28f6488b82a76ffb6c0514
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:49:20Z/
url https://github.com/contao/contao/commit/a03976c459b6f3985a28f6488b82a76ffb6c0514
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-57756
reference_id CVE-2025-57756
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-57756
5
reference_url https://github.com/advisories/GHSA-2xmj-8wmq-7475
reference_id GHSA-2xmj-8wmq-7475
reference_type
scores
url https://github.com/advisories/GHSA-2xmj-8wmq-7475
6
reference_url https://github.com/contao/contao/security/advisories/GHSA-2xmj-8wmq-7475
reference_id GHSA-2xmj-8wmq-7475
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:49:20Z/
url https://github.com/contao/contao/security/advisories/GHSA-2xmj-8wmq-7475
fixed_packages
0
url pkg:composer/contao/core-bundle@5.3.38
purl pkg:composer/contao/core-bundle@5.3.38
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r1h5-ag74-dbaw
1
vulnerability VCID-wyd5-t8at-8bba
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.3.38
1
url pkg:composer/contao/core-bundle@5.6.1
purl pkg:composer/contao/core-bundle@5.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r1h5-ag74-dbaw
1
vulnerability VCID-wyd5-t8at-8bba
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.6.1
aliases CVE-2025-57756, GHSA-2xmj-8wmq-7475
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f1az-1ejn-53f7
3
url VCID-f8ny-db5g-pkhw
vulnerability_id VCID-f8ny-db5g-pkhw
summary 
Contao affected by remote command execution through file upload
Back end users with access to the file manager can upload malicious files and execute them on the server.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45398
reference_id
reference_type
scores
0
value 0.00211
scoring_system epss
scoring_elements 0.4373
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45398
1
reference_url https://contao.org/en/security-advisories/remote-command-execution-through-file-uploads
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-18T13:14:03Z/
url https://contao.org/en/security-advisories/remote-command-execution-through-file-uploads
2
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
3
reference_url https://github.com/contao/contao/commit/9445d509f12a7f1b68a4794dcc5e3e459b363ebb
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/9445d509f12a7f1b68a4794dcc5e3e459b363ebb
4
reference_url https://github.com/contao/contao/commit/a7e39f96ac8fdc281f7caaa96e01deb0e24ac7d3
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/a7e39f96ac8fdc281f7caaa96e01deb0e24ac7d3
5
reference_url https://github.com/contao/contao/commit/f3db59ffe5a6c0e1f705b3230ebd5ff16865280e
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/f3db59ffe5a6c0e1f705b3230ebd5ff16865280e
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45398
reference_id CVE-2024-45398
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45398
7
reference_url https://github.com/advisories/GHSA-vm6r-j788-hjh5
reference_id GHSA-vm6r-j788-hjh5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vm6r-j788-hjh5
8
reference_url https://github.com/contao/contao/security/advisories/GHSA-vm6r-j788-hjh5
reference_id GHSA-vm6r-j788-hjh5
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-18T13:14:03Z/
url https://github.com/contao/contao/security/advisories/GHSA-vm6r-j788-hjh5
fixed_packages
0
url pkg:composer/contao/core-bundle@5.3.15
purl pkg:composer/contao/core-bundle@5.3.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2w7m-mb7e-tqe6
1
vulnerability VCID-afma-748j-uqae
2
vulnerability VCID-f1az-1ejn-53f7
3
vulnerability VCID-p4tq-y4en-57ag
4
vulnerability VCID-r1h5-ag74-dbaw
5
vulnerability VCID-wyd5-t8at-8bba
6
vulnerability VCID-ycnh-mnst-duap
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.3.15
1
url pkg:composer/contao/core-bundle@5.4.0-RC1
purl pkg:composer/contao/core-bundle@5.4.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-afma-748j-uqae
1
vulnerability VCID-f1az-1ejn-53f7
2
vulnerability VCID-p4tq-y4en-57ag
3
vulnerability VCID-r1h5-ag74-dbaw
4
vulnerability VCID-wyd5-t8at-8bba
5
vulnerability VCID-ycnh-mnst-duap
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.4.0-RC1
2
url pkg:composer/contao/core-bundle@5.4.3
purl pkg:composer/contao/core-bundle@5.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2w7m-mb7e-tqe6
1
vulnerability VCID-afma-748j-uqae
2
vulnerability VCID-f1az-1ejn-53f7
3
vulnerability VCID-p4tq-y4en-57ag
4
vulnerability VCID-r1h5-ag74-dbaw
5
vulnerability VCID-wyd5-t8at-8bba
6
vulnerability VCID-ycnh-mnst-duap
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.4.3
3
url pkg:composer/contao/core-bundle@5.5.4
purl pkg:composer/contao/core-bundle@5.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2w7m-mb7e-tqe6
1
vulnerability VCID-afma-748j-uqae
2
vulnerability VCID-f1az-1ejn-53f7
3
vulnerability VCID-p4tq-y4en-57ag
4
vulnerability VCID-r1h5-ag74-dbaw
5
vulnerability VCID-wyd5-t8at-8bba
6
vulnerability VCID-ycnh-mnst-duap
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.5.4
aliases CVE-2024-45398, GHSA-vm6r-j788-hjh5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f8ny-db5g-pkhw
4
url VCID-gwea-1srz-9uca
vulnerability_id VCID-gwea-1srz-9uca
summary 
Contao affected by insert tag injection via canonical URL
It is possible to inject insert tags in canonical URLs which will be replaced when the page is rendered.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45612
reference_id
reference_type
scores
0
value 0.0055
scoring_system epss
scoring_elements 0.68381
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45612
1
reference_url https://contao.org/en/security-advisories/insert-tag-injection-via-canonical-urls
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-18T14:06:58Z/
url https://contao.org/en/security-advisories/insert-tag-injection-via-canonical-urls
2
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
3
reference_url https://github.com/contao/contao/commit/1c28e9ac7a7b915134962a59681a8701a44ccbe2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/1c28e9ac7a7b915134962a59681a8701a44ccbe2
4
reference_url https://github.com/contao/contao/commit/d105224e14ddc84f27cd8802b553369decdcbe66
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/d105224e14ddc84f27cd8802b553369decdcbe66
5
reference_url https://github.com/contao/contao/commit/ffe05cda5310dc2bd259d1391197f3849dab8590
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/ffe05cda5310dc2bd259d1391197f3849dab8590
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45612
reference_id CVE-2024-45612
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45612
7
reference_url https://github.com/advisories/GHSA-2xpq-xp6c-5mgj
reference_id GHSA-2xpq-xp6c-5mgj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2xpq-xp6c-5mgj
8
reference_url https://github.com/contao/contao/security/advisories/GHSA-2xpq-xp6c-5mgj
reference_id GHSA-2xpq-xp6c-5mgj
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-18T14:06:58Z/
url https://github.com/contao/contao/security/advisories/GHSA-2xpq-xp6c-5mgj
fixed_packages
0
url pkg:composer/contao/core-bundle@5.3.15
purl pkg:composer/contao/core-bundle@5.3.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2w7m-mb7e-tqe6
1
vulnerability VCID-afma-748j-uqae
2
vulnerability VCID-f1az-1ejn-53f7
3
vulnerability VCID-p4tq-y4en-57ag
4
vulnerability VCID-r1h5-ag74-dbaw
5
vulnerability VCID-wyd5-t8at-8bba
6
vulnerability VCID-ycnh-mnst-duap
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.3.15
1
url pkg:composer/contao/core-bundle@5.4.0-RC1
purl pkg:composer/contao/core-bundle@5.4.0-RC1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-afma-748j-uqae
1
vulnerability VCID-f1az-1ejn-53f7
2
vulnerability VCID-p4tq-y4en-57ag
3
vulnerability VCID-r1h5-ag74-dbaw
4
vulnerability VCID-wyd5-t8at-8bba
5
vulnerability VCID-ycnh-mnst-duap
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.4.0-RC1
2
url pkg:composer/contao/core-bundle@5.4.3
purl pkg:composer/contao/core-bundle@5.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2w7m-mb7e-tqe6
1
vulnerability VCID-afma-748j-uqae
2
vulnerability VCID-f1az-1ejn-53f7
3
vulnerability VCID-p4tq-y4en-57ag
4
vulnerability VCID-r1h5-ag74-dbaw
5
vulnerability VCID-wyd5-t8at-8bba
6
vulnerability VCID-ycnh-mnst-duap
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.4.3
3
url pkg:composer/contao/core-bundle@5.5.4
purl pkg:composer/contao/core-bundle@5.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2w7m-mb7e-tqe6
1
vulnerability VCID-afma-748j-uqae
2
vulnerability VCID-f1az-1ejn-53f7
3
vulnerability VCID-p4tq-y4en-57ag
4
vulnerability VCID-r1h5-ag74-dbaw
5
vulnerability VCID-wyd5-t8at-8bba
6
vulnerability VCID-ycnh-mnst-duap
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.5.4
aliases CVE-2024-45612, GHSA-2xpq-xp6c-5mgj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gwea-1srz-9uca
5
url VCID-gzzh-6ysu-9yey
vulnerability_id VCID-gzzh-6ysu-9yey
summary 
Contao: Possible cookie sharing with external domains while checking protected pages for broken links
If the crawler is set to crawl protected pages, it sends the cookie header to externals URLs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28235
reference_id
reference_type
scores
0
value 0.00414
scoring_system epss
scoring_elements 0.61988
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28235
1
reference_url https://contao.org/en/security-advisories/session-cookie-disclosure-in-the-crawler
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-10T19:31:57Z/
url https://contao.org/en/security-advisories/session-cookie-disclosure-in-the-crawler
2
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
3
reference_url https://github.com/contao/contao/blob/14e9ef4bc8b82936ba2d0e04164581145a075e2a/core-bundle/src/Resources/contao/classes/Crawl.php#L129
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-10T19:31:57Z/
url https://github.com/contao/contao/blob/14e9ef4bc8b82936ba2d0e04164581145a075e2a/core-bundle/src/Resources/contao/classes/Crawl.php#L129
4
reference_url https://github.com/contao/contao/commit/73a2770e2d3535ec9f1b03d54be00e56ebb8ff16
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-10T19:31:57Z/
url https://github.com/contao/contao/commit/73a2770e2d3535ec9f1b03d54be00e56ebb8ff16
5
reference_url https://github.com/contao/contao/commit/79b7620d01ce8f46ce2b331455e0d95e5208de3d
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-10T19:31:57Z/
url https://github.com/contao/contao/commit/79b7620d01ce8f46ce2b331455e0d95e5208de3d
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28235
reference_id CVE-2024-28235
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28235
7
reference_url https://github.com/advisories/GHSA-9jh5-qf84-x6pr
reference_id GHSA-9jh5-qf84-x6pr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9jh5-qf84-x6pr
8
reference_url https://github.com/contao/contao/security/advisories/GHSA-9jh5-qf84-x6pr
reference_id GHSA-9jh5-qf84-x6pr
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 8.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-10T19:31:57Z/
url https://github.com/contao/contao/security/advisories/GHSA-9jh5-qf84-x6pr
fixed_packages
0
url pkg:composer/contao/core-bundle@5.3.4
purl pkg:composer/contao/core-bundle@5.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2w7m-mb7e-tqe6
1
vulnerability VCID-afma-748j-uqae
2
vulnerability VCID-f1az-1ejn-53f7
3
vulnerability VCID-f8ny-db5g-pkhw
4
vulnerability VCID-gwea-1srz-9uca
5
vulnerability VCID-p4tq-y4en-57ag
6
vulnerability VCID-r1h5-ag74-dbaw
7
vulnerability VCID-wyd5-t8at-8bba
8
vulnerability VCID-ycnh-mnst-duap
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.3.4
1
url pkg:composer/contao/core-bundle@5.5.4
purl pkg:composer/contao/core-bundle@5.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2w7m-mb7e-tqe6
1
vulnerability VCID-afma-748j-uqae
2
vulnerability VCID-f1az-1ejn-53f7
3
vulnerability VCID-p4tq-y4en-57ag
4
vulnerability VCID-r1h5-ag74-dbaw
5
vulnerability VCID-wyd5-t8at-8bba
6
vulnerability VCID-ycnh-mnst-duap
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.5.4
aliases CVE-2024-28235, GHSA-9jh5-qf84-x6pr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gzzh-6ysu-9yey
6
url VCID-jbcs-b2p9-myhz
vulnerability_id VCID-jbcs-b2p9-myhz
summary 
Contao: Cross site scripting in the file manager
Users can insert malicious code into file names when uploading files, which is then executed in tooltips and popups in the backend.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28190
reference_id
reference_type
scores
0
value 0.00987
scoring_system epss
scoring_elements 0.77223
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28190
1
reference_url https://contao.org/en/security-advisories/cross-site-scripting-in-the-file-manager
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-09T17:12:31Z/
url https://contao.org/en/security-advisories/cross-site-scripting-in-the-file-manager
2
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
3
reference_url https://github.com/contao/contao/commit/878d28dbe0f408740555d6fc8b634bd3f8febfce
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-09T17:12:31Z/
url https://github.com/contao/contao/commit/878d28dbe0f408740555d6fc8b634bd3f8febfce
4
reference_url https://github.com/contao/contao/commit/b794e14fff070101bf6a885da9b1a83395093b4d
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-09T17:12:31Z/
url https://github.com/contao/contao/commit/b794e14fff070101bf6a885da9b1a83395093b4d
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28190
reference_id CVE-2024-28190
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28190
6
reference_url https://github.com/advisories/GHSA-v24p-7p4j-qvvf
reference_id GHSA-v24p-7p4j-qvvf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v24p-7p4j-qvvf
7
reference_url https://github.com/contao/contao/security/advisories/GHSA-v24p-7p4j-qvvf
reference_id GHSA-v24p-7p4j-qvvf
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-09T17:12:31Z/
url https://github.com/contao/contao/security/advisories/GHSA-v24p-7p4j-qvvf
fixed_packages
0
url pkg:composer/contao/core-bundle@5.3.4
purl pkg:composer/contao/core-bundle@5.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2w7m-mb7e-tqe6
1
vulnerability VCID-afma-748j-uqae
2
vulnerability VCID-f1az-1ejn-53f7
3
vulnerability VCID-f8ny-db5g-pkhw
4
vulnerability VCID-gwea-1srz-9uca
5
vulnerability VCID-p4tq-y4en-57ag
6
vulnerability VCID-r1h5-ag74-dbaw
7
vulnerability VCID-wyd5-t8at-8bba
8
vulnerability VCID-ycnh-mnst-duap
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.3.4
1
url pkg:composer/contao/core-bundle@5.5.4
purl pkg:composer/contao/core-bundle@5.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2w7m-mb7e-tqe6
1
vulnerability VCID-afma-748j-uqae
2
vulnerability VCID-f1az-1ejn-53f7
3
vulnerability VCID-p4tq-y4en-57ag
4
vulnerability VCID-r1h5-ag74-dbaw
5
vulnerability VCID-wyd5-t8at-8bba
6
vulnerability VCID-ycnh-mnst-duap
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.5.4
aliases CVE-2024-28190, GHSA-v24p-7p4j-qvvf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jbcs-b2p9-myhz
7
url VCID-jzx2-et8q-7qhm
vulnerability_id VCID-jzx2-et8q-7qhm
summary 
Contao: Unencoded insert tags in the frontend
It is possible to inject insert tags via the form generator if the submitted form data is output on the page in a specific way.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28191
reference_id
reference_type
scores
0
value 0.00988
scoring_system epss
scoring_elements 0.7723
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28191
1
reference_url https://contao.org/en/security-advisories/insert-tag-injection-via-the-form-generator
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-29T16:07:38Z/
url https://contao.org/en/security-advisories/insert-tag-injection-via-the-form-generator
2
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
3
reference_url https://github.com/contao/contao/commit/388859dcf110ca70e0fae68a2a5579ab6a702919
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-29T16:07:38Z/
url https://github.com/contao/contao/commit/388859dcf110ca70e0fae68a2a5579ab6a702919
4
reference_url https://github.com/contao/contao/commit/474a2fc25f1d84d786aba8c6d234af99e64d016b
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-29T16:07:38Z/
url https://github.com/contao/contao/commit/474a2fc25f1d84d786aba8c6d234af99e64d016b
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28191
reference_id CVE-2024-28191
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28191
6
reference_url https://github.com/advisories/GHSA-747v-52c4-8vj8
reference_id GHSA-747v-52c4-8vj8
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-747v-52c4-8vj8
7
reference_url https://github.com/contao/contao/security/advisories/GHSA-747v-52c4-8vj8
reference_id GHSA-747v-52c4-8vj8
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-29T16:07:38Z/
url https://github.com/contao/contao/security/advisories/GHSA-747v-52c4-8vj8
fixed_packages
0
url pkg:composer/contao/core-bundle@5.3.4
purl pkg:composer/contao/core-bundle@5.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2w7m-mb7e-tqe6
1
vulnerability VCID-afma-748j-uqae
2
vulnerability VCID-f1az-1ejn-53f7
3
vulnerability VCID-f8ny-db5g-pkhw
4
vulnerability VCID-gwea-1srz-9uca
5
vulnerability VCID-p4tq-y4en-57ag
6
vulnerability VCID-r1h5-ag74-dbaw
7
vulnerability VCID-wyd5-t8at-8bba
8
vulnerability VCID-ycnh-mnst-duap
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.3.4
1
url pkg:composer/contao/core-bundle@5.5.4
purl pkg:composer/contao/core-bundle@5.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2w7m-mb7e-tqe6
1
vulnerability VCID-afma-748j-uqae
2
vulnerability VCID-f1az-1ejn-53f7
3
vulnerability VCID-p4tq-y4en-57ag
4
vulnerability VCID-r1h5-ag74-dbaw
5
vulnerability VCID-wyd5-t8at-8bba
6
vulnerability VCID-ycnh-mnst-duap
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.5.4
aliases CVE-2024-28191, GHSA-747v-52c4-8vj8
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jzx2-et8q-7qhm
8
url VCID-p4tq-y4en-57ag
vulnerability_id VCID-p4tq-y4en-57ag
summary 
Contao does not properly manage privileges for page and article fields
Under certain conditions, back end users may be able to edit fields of pages and articles without having the necessary permissions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-57759
reference_id
reference_type
scores
0
value 0.00058
scoring_system epss
scoring_elements 0.18361
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-57759
1
reference_url https://contao.org/en/security-advisories/improper-privilege-management-for-page-and-article-fields
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:16:51Z/
url https://contao.org/en/security-advisories/improper-privilege-management-for-page-and-article-fields
2
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
3
reference_url https://github.com/contao/contao/commit/80ee7db12d55ad979d9b1b180f273d4e2668851f
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:16:51Z/
url https://github.com/contao/contao/commit/80ee7db12d55ad979d9b1b180f273d4e2668851f
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-57759
reference_id CVE-2025-57759
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-57759
5
reference_url https://github.com/advisories/GHSA-qqfq-7cpp-hcqj
reference_id GHSA-qqfq-7cpp-hcqj
reference_type
scores
url https://github.com/advisories/GHSA-qqfq-7cpp-hcqj
6
reference_url https://github.com/contao/contao/security/advisories/GHSA-qqfq-7cpp-hcqj
reference_id GHSA-qqfq-7cpp-hcqj
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:16:51Z/
url https://github.com/contao/contao/security/advisories/GHSA-qqfq-7cpp-hcqj
fixed_packages
0
url pkg:composer/contao/core-bundle@5.3.38
purl pkg:composer/contao/core-bundle@5.3.38
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r1h5-ag74-dbaw
1
vulnerability VCID-wyd5-t8at-8bba
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.3.38
1
url pkg:composer/contao/core-bundle@5.6.1
purl pkg:composer/contao/core-bundle@5.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r1h5-ag74-dbaw
1
vulnerability VCID-wyd5-t8at-8bba
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.6.1
aliases CVE-2025-57759, GHSA-qqfq-7cpp-hcqj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p4tq-y4en-57ag
9
url VCID-r1h5-ag74-dbaw
vulnerability_id VCID-r1h5-ag74-dbaw
summary 
Contao is vulnerable to cross-site scripting in templates
It is possible to inject code into the template output that will be executed in the browser in the front end and back end.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-65961
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05699
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-65961
1
reference_url https://contao.org/en/security-advisories/cross-site-scripting-in-templates
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:53Z/
url https://contao.org/en/security-advisories/cross-site-scripting-in-templates
2
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-65961
reference_id CVE-2025-65961
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-65961
4
reference_url https://github.com/advisories/GHSA-68q5-78xp-cwwc
reference_id GHSA-68q5-78xp-cwwc
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-68q5-78xp-cwwc
5
reference_url https://github.com/contao/contao/security/advisories/GHSA-68q5-78xp-cwwc
reference_id GHSA-68q5-78xp-cwwc
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-25T19:28:53Z/
url https://github.com/contao/contao/security/advisories/GHSA-68q5-78xp-cwwc
fixed_packages
0
url pkg:composer/contao/core-bundle@5.3.42
purl pkg:composer/contao/core-bundle@5.3.42
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.3.42
1
url pkg:composer/contao/core-bundle@5.6.5
purl pkg:composer/contao/core-bundle@5.6.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.6.5
aliases CVE-2025-65961, GHSA-68q5-78xp-cwwc
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r1h5-ag74-dbaw
10
url VCID-wyd5-t8at-8bba
vulnerability_id VCID-wyd5-t8at-8bba
summary 
Contao is vulnerable to remote code execution in template closures
Backend users with precise control over the contents of template closures can execute arbitrary PHP functions that do not have required parameters.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-65960
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05728
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-65960
1
reference_url https://contao.org/en/security-advisories/remote-code-execution-in-template-closures
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-25T19:59:53Z/
url https://contao.org/en/security-advisories/remote-code-execution-in-template-closures
2
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
3
reference_url https://github.com/contao/contao/commit/577d7fdd5b1ca84f65f034ff556865422f0a3bd1
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/577d7fdd5b1ca84f65f034ff556865422f0a3bd1
4
reference_url https://github.com/contao/contao/commit/676f0855d39007ac9a0dbe7ae6a7414cba2312a5
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/676f0855d39007ac9a0dbe7ae6a7414cba2312a5
5
reference_url https://github.com/contao/contao/commit/ebf84c90e5679a67060f396b924ce4a3c3f206b3
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao/commit/ebf84c90e5679a67060f396b924ce4a3c3f206b3
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-65960
reference_id CVE-2025-65960
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-65960
7
reference_url https://github.com/advisories/GHSA-98vj-mm79-v77r
reference_id GHSA-98vj-mm79-v77r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-98vj-mm79-v77r
8
reference_url https://github.com/contao/contao/security/advisories/GHSA-98vj-mm79-v77r
reference_id GHSA-98vj-mm79-v77r
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-25T19:59:53Z/
url https://github.com/contao/contao/security/advisories/GHSA-98vj-mm79-v77r
fixed_packages
0
url pkg:composer/contao/core-bundle@5.3.42
purl pkg:composer/contao/core-bundle@5.3.42
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.3.42
1
url pkg:composer/contao/core-bundle@5.6.5
purl pkg:composer/contao/core-bundle@5.6.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.6.5
aliases CVE-2025-65960, GHSA-98vj-mm79-v77r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wyd5-t8at-8bba
11
url VCID-ycnh-mnst-duap
vulnerability_id VCID-ycnh-mnst-duap
summary 
Contao applies improper access control in the back end voters
The table access voter in the back end doesn't check if a user is allowed to access the corresponding module.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-57758
reference_id
reference_type
scores
0
value 0.00062
scoring_system epss
scoring_elements 0.1964
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-57758
1
reference_url https://contao.org/en/security-advisories/improper-access-control-in-the-back-end-voters
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:19:56Z/
url https://contao.org/en/security-advisories/improper-access-control-in-the-back-end-voters
2
reference_url https://github.com/contao/contao
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/contao/contao
3
reference_url https://github.com/contao/contao/commit/3f05c603e1c94d34819f837f060df5d66447d0d7
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:19:56Z/
url https://github.com/contao/contao/commit/3f05c603e1c94d34819f837f060df5d66447d0d7
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-57758
reference_id CVE-2025-57758
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-57758
5
reference_url https://github.com/advisories/GHSA-7m47-r75r-cx8v
reference_id GHSA-7m47-r75r-cx8v
reference_type
scores
url https://github.com/advisories/GHSA-7m47-r75r-cx8v
6
reference_url https://github.com/contao/contao/security/advisories/GHSA-7m47-r75r-cx8v
reference_id GHSA-7m47-r75r-cx8v
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-28T17:19:56Z/
url https://github.com/contao/contao/security/advisories/GHSA-7m47-r75r-cx8v
fixed_packages
0
url pkg:composer/contao/core-bundle@5.3.38
purl pkg:composer/contao/core-bundle@5.3.38
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r1h5-ag74-dbaw
1
vulnerability VCID-wyd5-t8at-8bba
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.3.38
1
url pkg:composer/contao/core-bundle@5.6.1
purl pkg:composer/contao/core-bundle@5.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r1h5-ag74-dbaw
1
vulnerability VCID-wyd5-t8at-8bba
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.6.1
aliases CVE-2025-57758, GHSA-7m47-r75r-cx8v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ycnh-mnst-duap
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/contao/core-bundle@5.3.3