CVE-2020-25768

Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
contaocontao
4.0 ≤
𝑥
< 4.4.52
contaocontao
4.9.0 ≤
𝑥
< 4.9.6
contaocontao
4.10.0 ≤
𝑥
< 4.10.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://community.contao.org/en/forumdisplay.php?4-Announcements
https://contao.org/en/security-advisories/insert-tag-injection-in-forms.html
https://community.contao.org/en/forumdisplay.php?4-Announcements
https://contao.org/en/security-advisories/insert-tag-injection-in-forms.html