CVE-2019-19714: Improper Encoding or Escaping of Output
Contao 4.8.4 and 4.8.5 have Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module, which will be replaced when the page is rendered.
References
- contao.org/en/security-advisories/insert-tag-injection-in-the-login-module.html
- github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2019-19714.yaml
- github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2019-19714.yaml
- github.com/advisories/GHSA-jc43-qrrp-98f5
- github.com/contao/contao/security/advisories/GHSA-jc43-qrrp-98f5
- nvd.nist.gov/vuln/detail/CVE-2019-19714
Detect and mitigate CVE-2019-19714 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.