Every CVE whose affected-product data names Contao Contao Cms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2017-16558 — CVSS 9.8 (critical): Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module.
CVE-2017-10993 — CVSS 8.8 (high): Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter…
CVE-2015-0269 — CVSS 4.3 (medium): Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view…
CVE-2011-4335 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML…
CVE-2011-0508 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in system/modules/comments/Comments.php in Contao CMS 2.9.2, and possibly other versions before…