Contao 4.8.4 and 4.8.5 have Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module, and these tags are replaced when the page is rendered.
References
| Link | Resource |
|---|---|
| https://contao.org/en/news.html | Vendor Advisory |
| https://contao.org/en/security-advisories/insert-tag-injection-in-the-login-module.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-12-17T14:04:03
Updated: 2019-12-17T14:04:03
Reserved: 2019-12-11T00:00:00
Link: CVE-2019-19714
NVD Information
Status: Analyzed
Published: 2019-12-17T15:15:25.613
Modified: 2019-12-18T21:25:38.900
Link: CVE-2019-19714
Redhat Information
No data.
CWE