Security Advisories - PKSA-pmyp-m45j-62p1 - Packagist

PKSA-pmyp-m45j-62p1 Security Advisory

[MEDIUM] Contao Vulnerable to Cross-Site Scripting (XSS) through SVG uploads

PKSA-pmyp-m45j-62p1 CVE-2025-29790 GHSA-vqqr-fgmh-f626

Affected package: contao/core-bundle

Affected version: >=5.4.0,<5.5.6|>=5.3.0,<5.3.30|>=4.0.0,<4.13.54

Reported by:
GitHub