contao/core-bundle Security Advisories for 5.6.3 (2)
-
[LOW] Contao is vulnerable to cross-site scripting in templates
PKSA-3p5h-vgz7-458z CVE-2025-65961 GHSA-68q5-78xp-cwwc
Affected version: >=5.4.0-RC1,<5.6.5|>=5.0.0-RC1,<5.3.42|>=4.0.0,<4.13.57
Reported by:
GitHub -
[MEDIUM] Contao is vulnerable to remote code execution in template closures
PKSA-wjhx-cdbz-9x61 CVE-2025-65960 GHSA-98vj-mm79-v77r
Affected version: >=5.4.0-RC1,<5.6.5|>=5.0.0-RC1,<5.3.42|>=4.0.0,<4.13.57
Reported by:
GitHub