CVE-2019-19714: Improper Encoding or Escaping of Output

December 17, 2019 (updated December 18, 2019)

Contao has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered.

References

contao.org/en/news.html
contao.org/en/security-advisories/insert-tag-injection-in-the-login-module.html
nvd.nist.gov/vuln/detail/CVE-2019-19714

Detect and mitigate CVE-2019-19714 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →