Vulnerability Database

296,138

Total vulnerabilities in the database

CVE-2020-25768

Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered.

CVSS v3:

  • Severity: Medium
  • Score: 5.3
  • AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

Software From Fixed in
contao / contao 4.10.0 4.10.1
contao / contao 4.9.0 4.9.6
contao / contao 4.0 4.4.52
Composer icon contao / core-bundle 4.0.0 4.4.52
Composer icon contao / core-bundle 4.5.0 4.9.6
Composer icon contao / core-bundle 4.10.0 4.10.0.x
Composer icon contao / core-bundle 4.10.0 4.10.1