GHSA-jc43-qrrp-98f5

Suggest an improvement
Source
https://github.com/advisories/GHSA-jc43-qrrp-98f5
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/12/GHSA-jc43-qrrp-98f5/GHSA-jc43-qrrp-98f5.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-jc43-qrrp-98f5
Aliases
Published
2019-12-17T22:53:40Z
Modified
2024-04-22T18:48:34.065653Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
Insert tag injection in the Contao login module
Details

Impact

It is possible to inject insert tags into the login module which will be replaced when the page is rendered.

Patches

Update to Contao 4.8.6.

Workarounds

None.

References

https://contao.org/en/security-advisories/insert-tag-injection-in-the-login-module

For more information

If you have any questions or comments about this advisory, open an issue in contao/contao.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-116"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2019-12-17T19:35:29Z"
}
References

Affected packages

Packagist / contao/core-bundle

Package

Name
contao/core-bundle
Purl
pkg:composer/contao/core-bundle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.8.4
Fixed
4.8.6

Affected versions

4.*

4.8.4
4.8.5

Packagist / contao/contao

Package

Name
contao/contao
Purl
pkg:composer/contao/contao

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.8.4
Fixed
4.8.6

Affected versions

4.*

4.8.4
4.8.5