Improper Encoding or Escaping of Output in Contao 4.8.4 and 4.8.5 Login Module
CVE-2019-19714 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered.
Learn more about our Api Penetration Testing.