CVE-2020-25768

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-25768

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25768.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-25768

Aliases

GHSA-f7wm-x4gw-6m23

Published

2020-10-07T21:15:14Z

Modified

2024-11-21T05:18:43Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered.

References

https://community.contao.org/en/forumdisplay.php?4-Announcements
https://contao.org/en/security-advisories/insert-tag-injection-in-forms.html

Affected packages

Git / github.com/contao/contao

Affected ranges

Type: GIT
Repo: https://github.com/contao/contao
Events: Introduced

84b2fe637d5ead531f117f26b48d1b9de8df4074

Fixed

5552147901fac8affad51662a1bf75a730368eb1