PT-2025-48078 · Contao · Contao
Published 2025-11-25 · Updated 2025-12-01
CVE-2025-65961
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Contao versions 4.0.0 through 4.13.56
Contao versions 5.3.0 through 5.3.41
Contao versions 5.6.0 through 5.6.4
Description
Contao is susceptible to code injection within template output, potentially leading to code execution in both the front end and back end of the application. The issue allows malicious code to be injected into rendered template output, where it is then executed by the user's browser (cross-site scripting).
Recommendations
Update to Contao version 4.13.57
Update to Contao version 5.3.42
Update to Contao version 5.6.5
As a workaround, avoid using the affected templates
As a workaround, manually patch the affected templates
Vulnerability type: XSS
Related Identifiers
Affected Products
Contao