Lucene search
K

10 matches found

NVD
NVD
added 2024/09/17 7:15 p.m.49 views

CVE-2024-45612

Contao is an Open Source CMS. In affected versions an untrusted user can inject insert tags into the canonical tag, which are then replaced on the web page front end. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to upgrade should disable canonical tags in the root...

5.3CVSS0.00298EPSS
Exploits0References2
OSV
OSV
added 2024/09/17 6:29 p.m.28 views

CVE-2024-45612 Insert tag injection via canonical URL in Contao

Contao is an Open Source CMS. In affected versions an untrusted user can inject insert tags into the canonical tag, which are then replaced on the web page front end. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to upgrade should disable canonical tags in the root...

5.3CVSS5.5AI score0.00298EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/09/17 12:0 a.m.5 views

PT-2024-31708 · Contao · Contao

Name of the Vulnerable Software and Affected Versions: Contao versions prior to 4.13.49 Contao versions prior to 5.3.15 Contao versions prior to 5.4.3 Description: In affected versions of Contao, an Open Source CMS, an untrusted user can inject insert tags into the canonical tag, which are then...

6.9CVSS7.2AI score0.00298EPSS
Exploits0References12
OSV
OSV
added 2022/05/20 7:54 p.m.27 views

GHSA-M8X6-6R63-QVJ2 Cross site scripting via canonical tag in Contao

Impact Untrusted users can inject malicious code into the canonical tag, which is then executed on the web page front end. Patches Update to Contao 4.13.3. Workarounds Disable canonical tags in the root page settings. References...

7.2CVSS6.4AI score0.03795EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/05/20 7:54 p.m.127 views

Cross site scripting via canonical tag in Contao

Impact Untrusted users can inject malicious code into the canonical tag, which is then executed on the web page front end. Patches Update to Contao 4.13.3. Workarounds Disable canonical tags in the root page settings. References...

7.2CVSS6.2AI score0.03795EPSS
Exploits0References7Affected Software2
Veracode
Veracode
added 2022/05/09 5:19 a.m.21 views

Cross-site Scripting (XSS)

contao/core-bundle is vulnerable to cross-site scriptingXSS attacks. The library does not properly sanitize the user inputs through the canonical tag, allowing an attacker to inject and execute malicious javascript...

7.2CVSS3.1AI score0.03795EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2022/05/06 12:15 a.m.14 views

Code injection

Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao prior to 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings...

4.3CVSS6.2AI score0.03795EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/05/05 11:45 p.m.5 views

CVE-2022-24899 Cross site scripting via canonical tag

Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao prior to 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings...

7.2CVSS7AI score0.03795EPSS
Exploits0References3
Contao
Contao
added 2022/05/05 12:0 a.m.67 views

Cross site scripting via canonical URL

Date : 2022-05-05 CVE ID : CVE-2022-24899 Description Untrusted users can inject malicious code into the canonical tag, which is then executed on the web page front end. Affected versions Contao 4.13 up to 4.13.2 Suggested solution Update to Contao 4.13.3. Workaround Disable canonical tags in the...

7.2CVSS6.3AI score0.03795EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2022/05/05 12:0 a.m.5 views

Contao 跨站脚本漏洞

Contao is an open source content management system CMS developed using PHP. The system supports search engines, rights management and CSS frameworks. A security vulnerability exists in Contao versions 4.13.0 through 4.13.3 and earlier, which allows untrusted users to inject malicious code into...

7.2CVSS6.8AI score0.03795EPSS
Exploits0References5
Rows per page
Query Builder