CVE-2020-25768

Improper Input Validation in packagist/contao/core-bundle

Identifiers

CVE-2020-25768

Package Slug

packagist/contao/core-bundle

Vulnerability

Improper Input Validation

Description

Contao suffers from an Improper Input Validation flaw. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered.

Affected Versions

All versions starting from 4.0 before 4.4.52, all versions starting from 4.9.0 before 4.9.6, all versions starting from 4.10.0 before 4.10.1

Solution

Upgrade to versions 4.4.52, 4.9.6, 4.10.1 or above.

Last Modified

2020-10-16

source