Description
Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered.
Remediation
References