Security advisories

Here you will find a list of vulnerabilities that have already been found and fixed in Contao. If you think that you have found a security issue in Contao, please report it according to our security policy.

2023

2023-07-25 09:00 by Leo Feyer

Cross-site scripting in widgets with units

Date: 2023-07-25
CVE ID: CVE-2023-36806

Authenticated users can inject malicious code in widgets with units.

Security advisory

2023-04-25 11:03 by Leo Feyer

Directory traversal in the file manager

Date: 2023-04-25
CVE ID: CVE-2023-29200

Authenticated users in the back end can list files outside the document root in the file manager.

Security advisory

Security advisories

2023

Cross-site scripting in widgets with units

Directory traversal in the file manager

Archive

Subscribe