Contao Cms 2.4.3

View All Versions

Security Grade


of 1000


Vulnerability History

Weakness Analysis

Related Vulnerabilities

Vulnerability Severity Score Release Date Summary
CVE-2011-4335 4.3 Nov. 28, 2011

Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2.10.2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php in a (1) teachers.html or (2) teachers/ action.

CVE-2012-1297 6.8 March 19, 2012

Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module.