Contao Open Source CMS

Security advisories

Here you will find a list of vulnerabilities that have already been found and fixed in Contao. If you think that you have found a security issue in Contao, please report it according to our security policy.

2023

2023-07-25 09:00 by Leo Feyer

Cross-site scripting in widgets with units

Date: 2023-07-25
CVE ID: CVE-2023-36806

Authenticated users can inject malicious code in widgets with units.

Security advisory

2023-04-25 11:03 by Leo Feyer

Directory traversal in the file manager

Date: 2023-04-25
CVE ID: CVE-2023-29200

Authenticated users in the back end can list files outside the document root in the file manager.

Security advisory
