Input validation error in Contao - CVE-2019-19714

 


Published: December 17, 2019 / Updated: April 24, 2026


Vulnerability identifier: #VU34958
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-19714
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Contao
Affected software:
Contao

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Contao 4.8.4 and 4.8.5 are affected by improper encoding or escaping of output. It is possible to inject insert tags into the login module, and these tags are replaced when the page is rendered.


How to mitigate CVE-2019-19714

Install the update from the vendor's website.

Sources