contao/core-bundle Security Advisories for 4.13.29 (4)
-
[LOW] Contao: Unencoded insert tags in the frontend
PKSA-rk65-kfm6-21d9 CVE-2024-28191 GHSA-747v-52c4-8vj8
Affected version: >=5.0.0-RC1,<5.3.4|>=4.0.0,<4.13.40
Reported by:
GitHub -
[MEDIUM] Contao: Cross site scripting in the file manager
PKSA-bxmw-zt4x-f182 CVE-2024-28190 GHSA-v24p-7p4j-qvvf
Affected version: >=5.0.0-RC1,<5.3.4|>=4.0.0,<4.13.40
Reported by:
GitHub -
[MEDIUM] Contao: Remember-me tokens will not be cleared after a password change
PKSA-7hz7-f163-3mdr CVE-2024-30262 GHSA-r4r6-j2j3-7pp5
Affected version: <4.13.40
Reported by:
GitHub -
[HIGH] Contao: Possible cookie sharing with external domains while checking protected pages for broken links
PKSA-g1qg-mn7d-638g CVE-2024-28235 GHSA-9jh5-qf84-x6pr
Affected version: >=5.0.0-RC1,<5.3.4|>=4.9.0,<4.13.40
Reported by:
GitHub