Description

Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered.

Remediation

References

CVE-2020-25768

Related Vulnerabilities

MySQL CVE-2018-2787 Vulnerability (CVE-2018-2787)

UAParser.js Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2021-4229)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-45373)

WordPress Plugin WP Job Manager Cross-Site Scripting (1.26.1)

WordPress Plugin WP PHP widget Information Disclosure (1.0.2)

Severity

Medium

Classification

CVE-2020-25768 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities