Security advisories

Here you will find a list of vulnerabilities that have already been found and fixed in Contao. If you think that you have found a security issue in Contao, please report it according to our security policy.

2022

Cross site scripting via canonical URL

by Leo Feyer

Date: 2022-05-05
CVE ID: CVE-2022-24899

Untrusted users can inject malicious code into the canonical tag, which is then executed on the web page (front end).
