Description
Contao 4.8.4 and 4.8.5 have Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module, which will be replaced when the page is rendered.
Remediation
References
Related Vulnerabilities
WordPress Plugin GiveWP-Donation and Fundraising Platform Cross-Site Request Forgery (2.25.2)
WordPress Plugin Related Posts Multiple Cross-Site Request Forgery Vulnerabilities (1.0)
WordPress Plugin WORDPRESS VIDEO GALLERY Open Email Relay (2.8)
WordPress Plugin WP Fastest Cache Cross-Site Request Forgery (0.9.0.2)