0.001 Low
EPSS
Percentile
38.7%
Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered.
contao.org/en/news.html
contao.org/en/security-advisories/insert-tag-injection-in-the-login-module.html