Description

Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered.

Remediation

References

CVE-2019-19714

Related Vulnerabilities

WordPress Plugin Companion Auto Update Multiple Vulnerabilities (3.2.0)

WordPress Plugin Minimal Coming Soon & Maintenance Mode-Coming Soon Page Cross-Site Request Forgery (2.10)

WordPress Anti-CSRF Token Security Bypass Weakness (3.3.1)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-3369)

WordPress Plugin Form Maker by 10Web-Mobile-Friendly Drag & Drop Contact Form Builder Security Bypass (1.7.14)

Severity

Medium

Classification

CVE-2019-19714 CWE-116 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities