contao/core Security Advisories for 3.3.4 (7)
- Existing sessions are not correctly invalidated when a user changes their password
  Affected version: >=3.0.0,<3.5.39
  Reported by: FriendsOfPHP/security-advisories
- Cross-site scripting (XSS) vulnerability in the system log of the back end
  Affected version: >=3.0.0,<3.5.35
  Reported by: FriendsOfPHP/security-advisories
- XSS vulnerability in the front end "unsubscribe" module of the newsletter extension
  Affected version: >=3.0.0,<3.5.32
  Reported by: FriendsOfPHP/security-advisories
- SQL injection vulnerability in the back end search filter and the front end listing module
  Affected version: >=3.0.0,<3.5.31
  Reported by: FriendsOfPHP/security-advisories
- A logged in back end user can include arbitrary existing PHP files by manipulating a URL parameter
  Affected version: >=3.0.0,<3.5.28
  Reported by: FriendsOfPHP/security-advisories
- Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2 (see CVE-2013-1967)
  Affected version: >=3.0.0,<3.5.15
  Reported by: FriendsOfPHP/security-advisories
- A directory traversal vulnerability allows back end users to view files outside their document root
  Affected version: >=2.0.0,<3.0.0|>=3.0.0,<3.4.4
  Reported by: FriendsOfPHP/security-advisories