contao/core-bundle Security Advisories for 5.4.0-RC1 (3)
-
[MEDIUM] Contao Vulnerable to Cross-Site Scripting (XSS) through SVG uploads
PKSA-pmyp-m45j-62p1 CVE-2025-29790 GHSA-vqqr-fgmh-f626
Affected version: >=5.4.0,<5.5.6|>=5.3.0,<5.3.30|>=4.0.0,<4.13.54
Reported by:
GitHub -
[MEDIUM] Contao affected by insert tag injection via canonical URL
PKSA-8psg-sb44-9n6y CVE-2024-45612 GHSA-2xpq-xp6c-5mgj
Affected version: >=5.4.0,<5.4.3|>=5.0.0,<5.3.15|>=4.13.0,<4.13.49
Reported by:
GitHub -
[HIGH] Contao affected by remote command execution through file upload
PKSA-5k7g-byhd-8xrm CVE-2024-45398 GHSA-vm6r-j788-hjh5
Affected version: >=5.4.0,<5.4.3|>=5.0.0,<5.3.15|>=4.0.0,<4.13.49
Reported by:
GitHub