Description

Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered.

Remediation

References

CVE-2019-19714

Related Vulnerabilities

WordPress Plugin GiveWP-Donation and Fundraising Platform Cross-Site Request Forgery (2.25.2)

WordPress Plugin Related Posts Multiple Cross-Site Request Forgery Vulnerabilities (1.0)

WordPress Plugin WORDPRESS VIDEO GALLERY Open Email Relay (2.8)

Drupal Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-11831)

WordPress Plugin WP Fastest Cache Cross-Site Request Forgery (0.9.0.2)

Severity

Medium

Classification

CVE-2019-19714 CWE-116 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities