PT-2019-15924 · Contao · Contao

Leo Feyer · Published 2019-12-17 · Updated 2019-12-18 · CVE-2019-19714

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Contao versions 4.8.4 through 4.8.5

Description: The issue concerns improper encoding or escaping of output, allowing the injection of insert tags into the login module. These tags are replaced when the page is rendered.

Recommendations: For Contao versions 4.8.4 and 4.8.5, update to Contao 4.8.6 to resolve the issue.

Exploit

Fix

Weakness Enumeration

Improper Encoding or Escaping of Output

Related Identifiers

CVE-2019-19714
GHSA-JC43-QRRP-98F5

Affected Products

Contao