by Leo Feyer
Insert tag injection in the login module
Date: 2019-12-17
CVE ID: CVE-2019-19714
Description
It is possible to inject insert tags into the login module which will be replaced when the page is rendered.
Affected versions
Contao 4.8.4 and 4.8.5
Suggested solution
Update to Contao 4.8.6.