contao/core-bundle Security Advisories for 4.13.51 (4)
-
[LOW] Contao is vulnerable to cross-site scripting in templates
PKSA-3p5h-vgz7-458z CVE-2025-65961 GHSA-68q5-78xp-cwwc
Affected version: >=5.4.0-RC1,<5.6.5|>=5.0.0-RC1,<5.3.42|>=4.0.0,<4.13.57
Reported by:
GitHub -
[MEDIUM] Contao is vulnerable to remote code execution in template closures
PKSA-wjhx-cdbz-9x61 CVE-2025-65960 GHSA-98vj-mm79-v77r
Affected version: >=5.4.0-RC1,<5.6.5|>=5.0.0-RC1,<5.3.42|>=4.0.0,<4.13.57
Reported by:
GitHub -
[MEDIUM] Contao discloses sensitive information in the front end search index
PKSA-66g4-yhz3-k3zh CVE-2025-57756 GHSA-2xmj-8wmq-7475
Affected version: >=5.4.0-RC1,<5.6.1|>=5.0.0-RC1,<5.3.38|>=4.9.14,<4.13.56
Reported by:
GitHub -
[MEDIUM] Contao Vulnerable to Cross-Site Scripting (XSS) through SVG uploads
PKSA-pmyp-m45j-62p1 CVE-2025-29790 GHSA-vqqr-fgmh-f626
Affected version: >=5.4.0,<5.5.6|>=5.3.0,<5.3.30|>=4.0.0,<4.13.54
Reported by:
GitHub