Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered.
CVSS Score
5.3
EPSS Score
0.003
Published
2020-10-07
Contao 4.x allows SQL Injection. Fixed in Contao 4.4.39 and Contao 4.7.5.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-07-09
Page 2