Moderate severityNVD Advisory· Published Oct 7, 2020· Updated Aug 4, 2024
CVE-2020-25768
CVE-2020-25768
Description
Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
contao/core-bundlePackagist | >= 4.0.0, < 4.4.52 | 4.4.52 |
contao/core-bundlePackagist | >= 4.5.0, < 4.9.6 | 4.9.6 |
contao/contaoPackagist | >= 4.0.0, < 4.4.52 | 4.4.52 |
contao/contaoPackagist | >= 4.5.0, < 4.9.6 | 4.9.6 |
contao/contaoPackagist | >= 4.10.0, < 4.10.1 | 4.10.1 |
contao/core-bundlePackagist | >= 4.10.0, < 4.10.1 | 4.10.1 |
Affected products
3- Contao/Contaodescription
- ghsa-coords2 versions
>= 4.0.0, < 4.4.52+ 1 more
- (no CPE)range: >= 4.0.0, < 4.4.52
- (no CPE)range: >= 4.0.0, < 4.4.52
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-f7wm-x4gw-6m23ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-25768ghsaADVISORY
- community.contao.org/en/forumdisplay.phpghsax_refsource_MISCWEB
- contao.org/en/security-advisories/insert-tag-injection-in-forms.htmlghsax_refsource_CONFIRMWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2020-25768.yamlghsaWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2020-25768.yamlghsaWEB
- github.com/contao/contao/security/advisories/GHSA-f7wm-x4gw-6m23ghsaWEB
News mentions
0No linked articles in our index yet.