Contao 4.8.4 and 4.8.5 Improper Encoding or Escaping of Output Vulnerability

Summary

It is possible to inject insert tags into the login module which will be replaced when the page is rendered.

Credit:

The information has been provided by the vendor.

The original article can be found at: https://contao.org/en/news.html


Details

Contao 4.8.4 and 4.8.5 have Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered.
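
The following added example (a toy model, not Contao's code and not taken from the vendor advisory) shows why HTML-escaping a reflected value is not enough when a later render pass expands `{{...}}` insert tags, and how encoding the delimiters closes the gap. The reflected username field, the tag name `demo::site_name` and all function names are assumptions made for illustration.

```php
<?php
// Toy render pipeline (assumption): module output is built first, then a
// final pass replaces {{tag}} placeholders with server-side values.

const TAG_VALUES = ['demo::site_name' => 'Example Site']; // constructed tag

// Final render pass: expands every {{tag}} it finds in the page HTML.
function replaceInsertTags(string $html): string
{
    return preg_replace_callback('/\{\{([^{}]+)\}\}/', function (array $m): string {
        return TAG_VALUES[$m[1]] ?? '';
    }, $html);
}

// Encode the tag delimiters as HTML entities so the final pass no longer
// recognises them; the browser still displays literal braces.
function encodeInsertTags(string $value): string
{
    return str_replace(['{{', '}}'], ['&#123;&#123;', '&#125;&#125;'], $value);
}

// Hypothetical login form that echoes the submitted username back.
function loginFormVulnerable(string $username): string
{
    // htmlspecialchars() leaves braces untouched, so tags survive.
    return '<input name="username" value="'
        . htmlspecialchars($username, ENT_QUOTES) . '">';
}

function loginFormHardened(string $username): string
{
    // Encode delimiters after HTML escaping, otherwise the "&" of the
    // entities would itself be escaped.
    return '<input name="username" value="'
        . encodeInsertTags(htmlspecialchars($username, ENT_QUOTES)) . '">';
}

$submitted = '{{demo::site_name}}'; // constructed user input

// Vulnerable: the tag supplied by the user is expanded by the render pass.
echo replaceInsertTags(loginFormVulnerable($submitted)), PHP_EOL;
// Hardened: the value reaches the page as inert, entity-encoded text.
echo replaceInsertTags(loginFormHardened($submitted)), PHP_EOL;
```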

 

Vulnerable Systems:

Contao 4.8.4 and 4.8.5

 

CVE Information:

CVE-2019-19714

 

Disclosure Timeline:
Published Date: 12/17/2019
