Here you will find a list of vulnerabilities that have already been found and fixed in Contao. If you think that you have found a security issue in Contao, please report it according to our security policy.
Insert tag injection in the login module
CVE ID: CVE-2019-19714
It is possible to inject insert tags into the login module which will be replaced when the page is rendered.
Contao 4.8.4 and 4.8.5
Update to Contao 4.8.6.