Improper Input Validation in Contao Forms Allows for Insert Tag Injection


CVE-2020-25768 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Contao versions before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 are affected by improper input validation. Insert tags can be injected through front end forms, and they are replaced when the page is rendered.
