CVE-2020-25768

Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*
cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*
cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-10-07 21:15

Updated : 2024-02-04 21:23


NVD link : CVE-2020-25768

Mitre link : CVE-2020-25768

CVE.ORG link : CVE-2020-25768


JSON object : View

Products Affected

contao

  • contao
CWE
CWE-20

Improper Input Validation

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')