CNNVD-202511-2713 Information
CNNVD ID
CNNVD-202511-2713
Related CVE
-
CNNVD Published: 2025-11-25
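Description (translated from Chinese)
Contao is an open-source content management system (CMS) from Contao, developed in PHP. The system supports search engines, permission management, CSS frameworks and more. Contao versions from 4.0.0 up to but not including 4.13.57, versions before 5.3.42, and versions before 5.6.5 contain a security vulnerability. It stems from the ability to inject code into template output, which may lead to code execution.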
Description (English)
Contao is an open-source content management system (CMS) developed in PHP. The system supports search engines, permission management and CSS frameworks. Contao versions 4.0.0 up to but not including 4.13.57, versions before 5.3.42, and versions before 5.6.5 contain a security vulnerability: code can be injected into the template output, which may lead to code execution.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Contao
Published
2025-11-25
Last Modified
2026-02-24
References
https://github.com/contao/contao/security/advisories/GHSA-68q5-78xp-cwwc
https://contao.org/en/security-advisories/cross-site-scripting-in-templates
https://vigilance.fr/vulnerability/Contao-Cross-Site-Scripting-via-Templates-48861
https://access.redhat.com/security/cve/cve-2025-65961
Patch
https://contao.org/en/security-advisories/cross-site-scripting-in-templates