Here you will find a list of vulnerabilities that have already been found and fixed in Contao.
Insert tag injection in the login module
CVE ID: CVE-2019-19714
It is possible to inject insert tags into the login module which will be replaced when the page is rendered.
Contao 4.8.4 and 4.8.5
Update to Contao 4.8.6.
Back to the overview.
If you think that you have found a security issue in Contao, please report it according to our security policy.