2 matches found
CVE-2019-19714
Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered...
Information disclosure in the back end
Date : 2019-12-17 CVE ID : CVE-2019-19712 Description Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them. Affected versions Contao 4.0 Contao 4.1 Contao 4.2 Contao 4.3 Contao 4.4 up to 4.4.45 Contao 4.5 Contao 4.6 Contao 4.7 Contao 4....