Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-65961) - Vulnerability Database

Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-65961)

Description

Contao is an Open Source CMS. From version 4.0.0 to before 4.13.57, before 5.3.42, and before 5.6.5, it is possible to inject code into the template output that will be executed in the browser in the front end and back end. This issue has been patched in versions 4.13.57, 5.3.42, and 5.6.5. A workaround for this issue involves not using the affected templates or patch them manually.

References

CVE-2025-65961

Related Vulnerabilities

WebLogic CVE-2022-21258 Vulnerability (CVE-2022-21258) Medium
Common tags: Missing Update Known Vulnerabilities
SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-1101) Medium
Common tags: Missing Update Known Vulnerabilities
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-19215) High
Common tags: Missing Update Known Vulnerabilities
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-19216) High
Common tags: Missing Update Known Vulnerabilities
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-19217) High
Common tags: Missing Update Known Vulnerabilities

Severity

Medium

Classification

CVE-2025-65961
CWE-707
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update
Known Vulnerabilities