Description

Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered.

Remediation

References

CVE-2019-19714

Related Vulnerabilities

WordPress Plugin WP Cerber Security, Anti-spam & Malware Scan Security Bypass (9.3.2)

WordPress Plugin Mailster-Email Newsletter for WordPress Cross-Site Scripting (2.4.5.1)

Joomla Other Vulnerability (CVE-2006-7010)

WordPress Plugin 2Way VideoCalls and Random Chat-HTML5 Webcam Videochat Cross-Site Scripting (5.2.7)

PHP Numeric Errors Vulnerability (CVE-2015-7804)

Severity

Medium

Classification

CVE-2019-19714 CWE-116 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities