CVE-2019-19714

Published: Dec 17, 2019Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered.

Affected (2)

Products: Contao: Contao

Contao

1 product

Contao

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Contao Contao	Version 4.8.4
Contao Contao	Version 4.8.5

Related CWEs

CWE-116

Improper Encoding or Escaping of Output

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

References (4)

https://contao.org/en/news.html

Source: cve@mitre.org

Vendor Advisory

https://contao.org/en/security-advisories/insert-tag-injection-in-the-login-module.html

Source: cve@mitre.org

Vendor Advisory

https://contao.org/en/news.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://contao.org/en/security-advisories/insert-tag-injection-in-the-login-module.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.