GHSA-jc43-qrrp-98f5
Suggest an improvement- Source
- https://github.com/advisories/GHSA-jc43-qrrp-98f5
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/12/GHSA-jc43-qrrp-98f5/GHSA-jc43-qrrp-98f5.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-jc43-qrrp-98f5
- Aliases
- Published
- 2019-12-17T22:53:40Z
- Modified
- 2024-04-22T19:04:23.373961Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- Insert tag injection in the Contao login module
- Details
-
Impact
It is possible to inject insert tags into the login module which will be replaced when the page is rendered.
Patches
Update to Contao 4.8.6.
Workarounds
None.
References
https://contao.org/en/security-advisories/insert-tag-injection-in-the-login-module
For more information
If you have any questions or comments about this advisory, open an issue in contao/contao.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-116" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2019-12-17T19:35:29Z" }- References
-
- https://github.com/contao/contao/security/advisories/GHSA-jc43-qrrp-98f5
- https://nvd.nist.gov/vuln/detail/CVE-2019-19714
- https://contao.org/en/security-advisories/insert-tag-injection-in-the-login-module.html
- https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2019-19714.yaml
- https://github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2019-19714.yaml
- https://github.com/contao/contao
Affected packages
Packagist / contao/core-bundle
Package
- Name
- contao/core-bundle
- Purl
- pkg:composer/contao/core-bundle
Packagist / contao/contao
Package
- Name
- contao/contao
- Purl
- pkg:composer/contao/contao