Security: contao/contao
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
- Cross-site scripting through SVG uploads (GHSA-vqqr-fgmh-f626), published Mar 18, 2025 by leofeyer. Severity: Moderate
- Directory traversal in the FileSelector widget (GHSA-4p75-5p53-65m9), published Sep 17, 2024 by leofeyer. Severity: Moderate
- Remote command execution through file uploads (GHSA-vm6r-j788-hjh5), published Sep 17, 2024 by leofeyer. Severity: High
- Insert tag injection via canonical URLs (GHSA-2xpq-xp6c-5mgj), published Sep 17, 2024 by leofeyer. Severity: Moderate
- Session cookie disclosure in the crawler (GHSA-9jh5-qf84-x6pr), published Apr 9, 2024 by leofeyer. Severity: Moderate
- Cross-site scripting in the file manager (GHSA-v24p-7p4j-qvvf), published Apr 9, 2024 by leofeyer. Severity: Moderate
- Insert tag injection via the form generator (GHSA-747v-52c4-8vj8), published Apr 9, 2024 by leofeyer. Severity: Low
- Cross-site scripting in widgets with units (GHSA-4gpr-p634-922x), published Jul 25, 2023 by leofeyer. Severity: Moderate
- Directory traversal in the file manager (GHSA-fp7q-xhhw-6rj3), published Apr 25, 2023 by leofeyer. Severity: Moderate
- Remember-me tokens are not cleared after a password change (GHSA-r4r6-j2j3-7pp5), published Apr 9, 2024 by leofeyer. Severity: Moderate