2 matches found
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the block/locale endpoint due to improper sanitization of the locale parameter. PoC html https://redacted.de/cookiebar/block/dens82w%22%3E%3Cimg%20src%3da%20onerror%3dalert1%3Ew9qt...
PT-2024-32386 · Contao +1 · Contao Open Source Cms +1
Name of the Vulnerable Software and Affected Versions: Oveleon Cookie Bar versions prior to 1.16.3 and 2.1.3 Description: The block/locale endpoint does not properly sanitize the user-controlled locale input before including it in the backend's HTTP response, thereby causing reflected cross-site...