Improper Neutralization of Special Elements in Output Used by a Downstream Component in Contao - CVE-2020-25768


Published: September 24, 2020 / Updated: May 5, 2026


Vulnerability identifier: #VU130133
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-25768
CWE-ID: CWE-74
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Contao
Software vendor:
Contao

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient neutralization of insert tags in user-supplied front end form input. Contao expands insert tags, placeholders written as {{...}}, while it renders a page; because form field values were not checked for this syntax, a remote unauthenticated attacker can submit a value containing insert tags. The tags are resolved when the page is rendered and their output, which can include server-side data, ends up in the response.

The issue is triggered when the injected insert tags are replaced during page rendering, after the form input has already been placed in the page.
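The following added illustration shows the vulnerability class behind this advisory; it is not Contao's code and not the vendor's fix. It models a renderer that expands {{name::argument}} tags (the syntax follows Contao's, but the resolver, the CONTEXT data, the templates, the stripInsertTags helper and the submitted value are all constructed for this example). The practitioner point it demonstrates is the CWE-74 one: HTML escaping neutralizes the value for the browser, but { and } are not HTML special characters, so an escaped value still reaches the insert tag replacer intact and is expanded there.

```php
<?php
// Added illustration of insert tag injection in a front end form (not Contao's
// code). Tag syntax {{name::argument}} follows Contao's; everything else here
// (resolver, CONTEXT, templates, stripInsertTags, the payload) is constructed.
declare(strict_types=1);

// Constructed server-side data a tag resolver can read: this is what leaks.
const CONTEXT = [
    'user' => ['username' => 'editor', 'email' => 'editor@example.test'],
    'env'  => ['host' => 'cms.example.test', 'request' => '/contact'],
];

// Expand every {{name::argument}} token in $html. Unknown tags are left as-is.
function replaceInsertTags(string $html): string
{
    return preg_replace_callback(
        '/\{\{([a-z_]+)::([a-z_]+)\}\}/i',
        static function (array $m): string {
            [$whole, $name, $argument] = $m;
            return CONTEXT[strtolower($name)][strtolower($argument)] ?? $whole;
        },
        $html
    );
}

// Template that legitimately needs tag replacement AFTER the visitor's value has
// been inserted: {{env::host}} is meant to be expanded.
function confirmationTemplate(string $escapedName): string
{
    return '<p>Thank you, ' . $escapedName . '! Your message reached {{env::host}}.</p>';
}

// Vulnerable: the value is HTML-escaped (sufficient for the browser), but the
// braces survive escaping, so the replacer treats attacker text as a tag.
function renderConfirmationVulnerable(string $submittedName): string
{
    $escaped = htmlspecialchars($submittedName, ENT_QUOTES, 'UTF-8');
    return replaceInsertTags(confirmationTemplate($escaped));
}

// Constructed helper: neutralize the opening tag delimiter in user input. The
// entity still renders as "{{" in the browser, but the replacer no longer sees
// a tag. Apply it after HTML escaping so the entity's ampersand is kept.
function stripInsertTags(string $value): string
{
    return str_replace('{{', '&#123;&#123;', $value);
}

// Hardened: neutralize for the insert tag replacer as well as for the browser.
function renderConfirmationFixed(string $submittedName): string
{
    $escaped = stripInsertTags(htmlspecialchars($submittedName, ENT_QUOTES, 'UTF-8'));
    return replaceInsertTags(confirmationTemplate($escaped));
}

// Constructed form submission: an insert tag supplied instead of a name.
$payload = '{{user::email}}';
echo "vulnerable: ", renderConfirmationVulnerable($payload), PHP_EOL;
echo "fixed:      ", renderConfirmationFixed($payload), PHP_EOL;
```

With the constructed payload, the vulnerable renderer substitutes the editor's e-mail address for the submitted name, while the hardened renderer shows the submitted text literally and still expands the template's own {{env::host}} tag. Each downstream component a value reaches needs its own neutralization; an alternative design is to run insert tag replacement on the template before user input is interpolated, so that submitted text is never seen by the replacer at all.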


Remediation

Install the security update from the vendor's website.

External links