Description
Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered.
Remediation
References