Fritz Michael Gschwantner

2 exploits - Active since Aug 2025
CVE-2025-57756 - MEDIUM - WRITEUP
Contao 4.9.14-4.13.55, 5.3.0-5.3.37, 5.6.0 - Unauthorized Sensitive Information Exposure via Front-End Search Index
Contao is an Open Source CMS. In versions starting from 4.9.14 and prior to 4.13.56, 5.3.38, and 5.6.1, protected content elements that are rendered as fragments are indexed and become publicly available in the front end search. This issue has been patched in versions 4.13.56, 5.3.38, and 5.6.1. A workaround involves disabling the front end search.
CVSS 5.3
CVE-2025-57757 - MEDIUM - WRITEUP
Contao 5.0.0-5.3.37 - Unauthenticated Information Disclosure in News Module RSS Feed
Contao is an Open Source CMS. In versions starting from 5.0.0 and prior to 5.3.38 and 5.6.1, if a news feed contains protected news archives, their news items are not filtered and become publicly available in the RSS feed. This issue has been patched in versions 5.3.38 and 5.6.1. A workaround involves not adding protected news archives to the news feed page.
CVSS 5.3