We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
It is possible to inject insert tags via the form generator if the submitted form data is output on the page in a specific way.
Update to Contao 4.13.40 or 5.3.4.
Do not output the submitted form data on the website.
https://contao.org/en/security-advisories/insert-tag-injection-via-the-form-generator
If you have any questions or comments about this advisory, open an issue in contao/contao.
Impact
It is possible to inject insert tags via the form generator if the submitted form data is output on the page in a specific way.
Patches
Update to Contao 4.13.40 or 5.3.4.
Workarounds
Do not output the submitted form data on the website.
References
https://contao.org/en/security-advisories/insert-tag-injection-via-the-form-generator
For more information
If you have any questions or comments about this advisory, open an issue in contao/contao.