An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY3d20teDRndy02bTIz
Contao Insert tag injection in forms
It is possible to inject insert tags in frontend forms which will be replaced when the page is rendered.
Update to Contao 4.4.52, 4.9.6 or 4.10.1.
Disable the front end login form and do not use form fields with array keys such as
For more information
If you have any questions or comments about this advisory, open an issue in contao/contao.Permalink: https://github.com/advisories/GHSA-f7wm-x4gw-6m23
Source: GitHub Advisory Database
Published: about 3 years ago
Updated: 2 months ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Identifiers: GHSA-f7wm-x4gw-6m23, CVE-2020-25768
Fixed in: 4.10.1, 4.9.6, 4.4.52