Description
Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered.
Remediation
References
Related Vulnerabilities
WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Cross-Site Scripting (3.5.2)
Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-12459)
MySQL CVE-2018-3084 Vulnerability (CVE-2018-3084)
MediaWiki URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-0363)
WordPress Plugin fitness calculators Cross-Site Request Forgery (1.9.5)