[MEDIUM] Insert tag injection in the login module

PKSA-hg6f-pdnr-w5hp CVE-2019-19714 GHSA-jc43-qrrp-98f5

Affected package: contao/core-bundle

Affected version: >=4.8.4,<4.8.6

Reported by:
FriendsOfPHP/security-advisories, GitHub