Description

Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered.

Remediation

References

CVE-2020-25768

Related Vulnerabilities

IBMHttpServer Other Vulnerability (CVE-2004-0493)

WordPress Plugin NextScripts:Social Networks Auto-Poster Unspecified Vulnerability (4.3.2)

WordPress Plugin Customer Reviews for WooCommerce Cross-Site Scripting (5.16.0)

WordPress Plugin Profile Builder-User Profile & User Registration Forms Cross-Site Scripting (3.6.7)

WordPress Plugin FluentSMTP-WP Mail SMTP, Amazon SES, SendGrid, MailGun and Any SMTP Connector Cross-Site Scripting (2.0.0)

Severity

Medium

Classification

CVE-2020-25768 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities