CVE-2020-25768
packagist/contao/core-bundle
Improper Input Validation
Contao suffers from an Improper Input Validation flaw. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered.
All versions starting from 4.0 before 4.4.52, all versions starting from 4.9.0 before 4.9.6, all versions starting from 4.10.0 before 4.10.1
Upgrade to versions 4.4.52, 4.9.6, 4.10.1 or above.
2020-10-16
source |