Description
Contao 4.8.4 and 4.8.5 are affected by Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module, and these tags are replaced when the page is rendered.
Remediation
References