Description

Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered.

Remediation

References

CVE-2019-19714

Related Vulnerabilities

WordPress Plugin Meta Box-WordPress Custom Fields Framework Arbitrary File Upload (4.16.1)

WordPress Plugin Fancy Comments WordPress Cross-Site Scripting (1.2.10)

PostgreSQL Other Vulnerability (CVE-2005-1410)

Apache Tomcat Improper Input Validation Vulnerability (CVE-2011-1475)

PHP Other Vulnerability (CVE-2003-0172)

Severity

Medium

Classification

CVE-2019-19714 CWE-116 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities