CVE-2020-25768

CVE-2020-25768

EPSS 0.8%

Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://community.contao.org/en/forumdisplay.php?4-Announcements https://contao.org/en/security-advisories/insert-tag-injection-in-forms.html