Description

Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered.

Remediation

References

CVE-2019-19714

Related Vulnerabilities

Python Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-0718)

Lighttpd Other Vulnerability (CVE-2007-3950)

Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-2209)

Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-37270)

WordPress Plugin Request Quote via Whatsapp for Woocommerce Cross-Site Scripting (1.0.1)

Severity

Medium

Classification

CVE-2019-19714 CWE-116 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities