CVE-2019-19714

MEDIUM

Contao 4.8.4-4.8.5 - Insert Tag Injection in Login Module

Title source: llm

Description

Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_misc

https://contao.org/en/news.html

Vendor Advisory x_refsource_confirm

https://contao.org/en/security-advisories/insert-tag-injection-in-the-login-module.html

Scores

CVSS v3 5.3

EPSS 0.0082

EPSS Percentile 52.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-116

Status published

Products (4)

contao/contao 4.8.4

contao/contao 4.8.5

contao/contao 4.8.4 - 4.8.6Packagist

contao/core-bundle 4.8.4 - 4.8.6Packagist

Published Dec 17, 2019

Tracked Since Feb 18, 2026