CVE-2020-25768: Improper Input Validation

October 7, 2020 (updated July 21, 2021)

Contao suffers from an Improper Input Validation flaw. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered.

References

community.contao.org/en/forumdisplay.php?4-Announcements
contao.org/en/security-advisories/insert-tag-injection-in-forms.html
nvd.nist.gov/vuln/detail/CVE-2020-25768

Detect and mitigate CVE-2020-25768 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →