contao/contao Security Advisories for 4.6.0 (10)
- 
                        [MEDIUM] Contao Information Disclosure via Access Control FlawsPKSA-ppsr-zcrm-r241 CVE-2018-20028 GHSA-q99w-j4mj-7hj8 Affected version: >=4.4.0,<4.4.31|>=4.6.0,<4.6.11|>=3.0.0,<3.5.37 Reported by: 
 GitHub
- 
                        [HIGH] Privilege escalation with the form generatorPKSA-vfyp-1pdz-qxfn CVE-2021-37627 GHSA-hq5m-mqmx-fw6m Affected version: >=4.0.0,<4.4.56|>=4.5.0,<4.6.0|>=4.6.0,<4.7.0|>=4.7.0,<4.8.0|>=4.8.0,<4.9.0|>=4.9.0,<4.9.18|>=4.10.0,<4.11.0|>=4.11.0,<4.11.7 Reported by: 
 FriendsOfPHP/security-advisories, GitHub
- 
                        [MEDIUM] PHP file inclusion via insert tagsPKSA-33hj-wh6g-5wzq CVE-2021-37626 GHSA-r6mv-ppjc-4hgr Affected version: >=4.0.0,<4.4.56|>=4.5.0,<4.6.0|>=4.6.0,<4.7.0|>=4.7.0,<4.8.0|>=4.8.0,<4.9.0|>=4.9.0,<4.9.18|>=4.10.0,<4.11.0|>=4.11.0,<4.11.7 Reported by: 
 FriendsOfPHP/security-advisories, GitHub
- 
                        [MEDIUM] Cross site scripting via HTML attributes in the back endPKSA-rc7z-49pc-5drp CVE-2021-35955 GHSA-hr3h-x6gq-rqcp Affected version: >=4.0.0,<4.4.56|>=4.5.0,<4.6.0|>=4.6.0,<4.7.0|>=4.7.0,<4.8.0|>=4.8.0,<4.9.0|>=4.9.0,<4.9.18|>=4.10.0,<4.11.0|>=4.11.0,<4.11.7 Reported by: 
 FriendsOfPHP/security-advisories, GitHub
- 
                        [MEDIUM] Cross-site scripting (XSS) vulnerability in the system logPKSA-vwzw-wjqk-61c9 CVE-2021-35210 GHSA-h58v-c6rf-g9f7 Affected version: >=4.5.0,<4.9.16|>=4.10.0,<4.11.0|>=4.11.0,<4.11.5 Reported by: 
 FriendsOfPHP/security-advisories, GitHub
- 
                        [MEDIUM] Insert tag injection in front end formsPKSA-1cjk-ccfw-jwsc CVE-2020-25768 GHSA-f7wm-x4gw-6m23 Affected version: >=4.0.0,<4.4.52|>=4.5.0,<4.6.0|>=4.6.0,<4.7.0|>=4.7.0,<4.8.0|>=4.8.0,<4.9.0|>=4.9.0,<4.9.6|>=4.10.0,<4.10.1 Reported by: 
 FriendsOfPHP/security-advisories, GitHub
- 
                        [HIGH] Unrestricted file uploadsPKSA-7m3q-k7b1-ks8c CVE-2019-19745 GHSA-wjx8-cgrm-hh8p Affected version: >=4.0.0,<4.4.46|>=4.5.0,<4.6.0|>=4.6.0,<4.7.0|>=4.7.0,<4.8.0|>=4.8.0,<4.8.6 Reported by: 
 FriendsOfPHP/security-advisories, GitHub
- 
                        [MEDIUM] Information disclosure in the back endPKSA-s9yr-nm3n-mqqp CVE-2019-19712 GHSA-4mvc-qc5w-v5qr Affected version: >=4.0.0,<4.4.46|>=4.5.0,<4.6.0|>=4.6.0,<4.7.0|>=4.7.0,<4.8.0|>=4.8.0,<4.8.6 Reported by: 
 FriendsOfPHP/security-advisories, GitHub
- 
                        [CRITICAL] SQL injection vulnerabililty in the file manager search filterPKSA-h4n4-9jqf-3fj5 CVE-2019-11512 GHSA-vq59-x6mq-4wgw Affected version: >=4.1.0,<4.4.39|>=4.5.0,<4.6.0|>=4.6.0,<4.7.0|>=4.7.0,<4.7.5 Reported by: 
 FriendsOfPHP/security-advisories, GitHub
- 
                        [CRITICAL] Existing sessions are not correctly invalidated when a user changes their passwordPKSA-4b38-qncw-d1nq CVE-2019-10641 GHSA-vcgg-hp4r-87gx Affected version: >=4.0.0,<4.4.37|>=4.5.0,<4.6.0|>=4.6.0,<4.7.0|>=4.7.0,<4.7.3 Reported by: 
 FriendsOfPHP/security-advisories, GitHub