Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered.
References
| Link | Resource |
|---|---|
| https://community.contao.org/en/forumdisplay.php?4-Announcements | Release Notes, Vendor Advisory |
| https://contao.org/en/security-advisories/insert-tag-injection-in-forms.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-10-07T20:37:52
Updated: 2020-10-07T20:37:52
Reserved: 2020-09-18T00:00:00
Link: CVE-2020-25768
NVD Information
Status: Analyzed
Published: 2020-10-07T21:15:14.963
Modified: 2021-07-21T11:39:23.747
Link: CVE-2020-25768
Redhat Information
No data.