Description

Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered.

Remediation

References

CVE-2020-25768

Related Vulnerabilities

WordPress Plugin My Calendar Cross-Site Scripting (2.3.28)

WordPress Plugin Maps Widget for Google Maps-Google Maps Builder Cross-Site Scripting (2.30)

SharePoint CVE-2021-31181 Vulnerability (CVE-2021-31181)

WordPress Plugin Kama Click Counter SQL Injection (3.4.9)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-2365)

Severity

Medium

Classification

CVE-2020-25768 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities