CVE-2019-10642 — Cross-Site Request Forgery in Contao

Severity

7.2HIGH

No vector

EPSS

0.1%

top 65.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedMay 14

Description

Contao CSRF Token Bypass Security researcher Ali Razzaq has discovered that the request token check can be bypassed in Contao 4.7

▶Packagistcontao/contao4.7.0 — 4.7.3

▶Packagistcontao/core-bundle4.7.0 — 4.7.3

GHSA

Contao CSRF Token Bypass↗2022-05-14

▶

OSV

Contao CSRF Token Bypass↗2022-05-14

▶

Bugzilla

CVE-2019-13965 itop: reflective XSS in via the param_file parameter↗2020-04-15

▶