contao/contao Security Advisories for 4.9.16 (5)
- 
                        [MEDIUM] Contao discloses sensitive information in the front end search indexPKSA-34p6-239r-z7w2 CVE-2025-57756 GHSA-2xmj-8wmq-7475 Affected version: >=5.4.0-RC1,<5.6.1|>=5.0.0-RC1,<5.3.38|>=4.9.14,<4.13.56 Reported by: 
 GitHub
- 
                        [HIGH] Directory traversal vulnerability in the file managerPKSA-3m2g-ygwq-rxnz CVE-2023-29200 GHSA-fp7q-xhhw-6rj3 Affected version: >=4.9.0,<4.9.40|>=4.13.0,<4.13.21|>=5.1.0,<5.1.4 Reported by: 
 FriendsOfPHP/security-advisories, GitHub
- 
                        [HIGH] Privilege escalation with the form generatorPKSA-vfyp-1pdz-qxfn CVE-2021-37627 GHSA-hq5m-mqmx-fw6m Affected version: >=4.0.0,<4.4.56|>=4.5.0,<4.6.0|>=4.6.0,<4.7.0|>=4.7.0,<4.8.0|>=4.8.0,<4.9.0|>=4.9.0,<4.9.18|>=4.10.0,<4.11.0|>=4.11.0,<4.11.7 Reported by: 
 FriendsOfPHP/security-advisories, GitHub
- 
                        [MEDIUM] PHP file inclusion via insert tagsPKSA-33hj-wh6g-5wzq CVE-2021-37626 GHSA-r6mv-ppjc-4hgr Affected version: >=4.0.0,<4.4.56|>=4.5.0,<4.6.0|>=4.6.0,<4.7.0|>=4.7.0,<4.8.0|>=4.8.0,<4.9.0|>=4.9.0,<4.9.18|>=4.10.0,<4.11.0|>=4.11.0,<4.11.7 Reported by: 
 FriendsOfPHP/security-advisories, GitHub
- 
                        [MEDIUM] Cross site scripting via HTML attributes in the back endPKSA-rc7z-49pc-5drp CVE-2021-35955 GHSA-hr3h-x6gq-rqcp Affected version: >=4.0.0,<4.4.56|>=4.5.0,<4.6.0|>=4.6.0,<4.7.0|>=4.7.0,<4.8.0|>=4.8.0,<4.9.0|>=4.9.0,<4.9.18|>=4.10.0,<4.11.0|>=4.11.0,<4.11.7 Reported by: 
 FriendsOfPHP/security-advisories, GitHub