Vulnerability Key Information

Vulnerability Title: Cross-site scripting in templates

Severity: Low (3.3 / 10)

Description: -

Impact: It is possible to inject code into the template output that will be executed in the browser in the front end and back end.

Affected versions: >=4.0.0

Patched versions: 4.13.57, 5.3.42, 5.6.5

Patches: Update to Contao 4.13.57, 5.3.42, or 5.6.5

Workarounds: Do not use the affected templates or patch them manually.

References: https://contao.org/en/security-advisories/cross-site-scripting-in-templates

CVSS 3.1 Base Metrics
Attack vector: Network
Attack complexity: High
Privileges required: High
User interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None

CVE ID: CVE-2025-65961

Weakness Type: CWE-87

Finder: ausi, m-vo