Improper Encoding or Escaping of Output in Contao 4.8.4 and 4.8.5 Login Module

Improper Encoding or Escaping of Output in Contao 4.8.4 and 4.8.5 Login Module

CVE-2019-19714 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered.

Learn more about our Api Penetration Testing.