Contao Insert tag injection in forms

🗓️ 24 Sep 2020 16:23:54Reported by GitHub Advisory DatabaseType

Contao Insert tag injection in front end forms. Update to Contao 4.4.52, 4.9.6 or 4.10.1 to patch. Disable front end login form and avoid form fields with array keys

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2020-25768	8 Oct 202000:29	–	circl
Contao	Insert tag injection in forms	24 Sep 202000:00	–	contao
CVE	CVE-2020-25768	7 Oct 202020:37	–	cve
Cvelist	CVE-2020-25768	7 Oct 202020:37	–	cvelist
EUVD	EUVD-2020-1014	7 Oct 202500:30	–	euvd
Friends Of PHP	Insert tag injection in front end forms	1 Jan 197000:00	–	friendsofphp
Friends Of PHP	Insert tag injection in front end forms	1 Jan 197000:00	–	friendsofphp
NVD	CVE-2020-25768	7 Oct 202021:15	–	nvd
OSV	GHSA-F7WM-X4GW-6M23 Contao Insert tag injection in forms	24 Sep 202016:23	–	osv
Prion	Input validation	7 Oct 202021:15	–	prion

Vulners

Node

contao core-bundleRange4.10.0–4.10.1composer

contao contaoRange4.10.0–4.10.1composer

contao contaoRange4.5.0–4.9.6composer

contao contaoRange4.0.0–4.4.52composer

contao core-bundleRange4.5.0–4.9.6composer

contao core-bundleRange4.0.0–4.4.52composer

Source	Link
github	www.github.com/contao/contao/security/advisories/GHSA-f7wm-x4gw-6m23
contao	www.contao.org/en/security-advisories/insert-tag-injection-in-forms.html
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-25768
community	www.community.contao.org/en/forumdisplay.php
github	www.github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2020-25768.yaml
github	www.github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2020-25768.yaml
github	www.github.com/advisories/GHSA-f7wm-x4gw-6m23

22 Apr 2024 18:42Current

5.1Medium risk

Vulners AI Score5.1

CVSS 25

CVSS 3.15.3

EPSS0.0031