10 matches found
CVE-2024-45612
Contao is an Open Source CMS. In affected versions an untrusted user can inject insert tags into the canonical tag, which are then replaced on the web page front end. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to upgrade should disable canonical tags in the root...
CVE-2024-45612 Insert tag injection via canonical URL in Contao
Contao is an Open Source CMS. In affected versions an untrusted user can inject insert tags into the canonical tag, which are then replaced on the web page front end. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to upgrade should disable canonical tags in the root...
PT-2024-31708 · Contao · Contao
Name of the Vulnerable Software and Affected Versions: Contao versions prior to 4.13.49 Contao versions prior to 5.3.15 Contao versions prior to 5.4.3 Description: In affected versions of Contao, an Open Source CMS, an untrusted user can inject insert tags into the canonical tag, which are then...
GHSA-M8X6-6R63-QVJ2 Cross site scripting via canonical tag in Contao
Impact Untrusted users can inject malicious code into the canonical tag, which is then executed on the web page front end. Patches Update to Contao 4.13.3. Workarounds Disable canonical tags in the root page settings. References...
Cross site scripting via canonical tag in Contao
Impact Untrusted users can inject malicious code into the canonical tag, which is then executed on the web page front end. Patches Update to Contao 4.13.3. Workarounds Disable canonical tags in the root page settings. References...
Cross-site Scripting (XSS)
contao/core-bundle is vulnerable to cross-site scriptingXSS attacks. The library does not properly sanitize the user inputs through the canonical tag, allowing an attacker to inject and execute malicious javascript...
Code injection
Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao prior to 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings...
CVE-2022-24899 Cross site scripting via canonical tag
Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao prior to 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings...
Cross site scripting via canonical URL
Date : 2022-05-05 CVE ID : CVE-2022-24899 Description Untrusted users can inject malicious code into the canonical tag, which is then executed on the web page front end. Affected versions Contao 4.13 up to 4.13.2 Suggested solution Update to Contao 4.13.3. Workaround Disable canonical tags in the...
Contao 跨站脚本漏洞
Contao is an open source content management system CMS developed using PHP. The system supports search engines, rights management and CSS frameworks. A security vulnerability exists in Contao versions 4.13.0 through 4.13.3 and earlier, which allows untrusted users to inject malicious code into...