4 matches found

Cvelist
added 2024/09/17 6:29 p.m., 14 views

CVE-2024-45612 Insert tag injection via canonical URL in Contao

Contao is an Open Source CMS. In affected versions an untrusted user can inject insert tags into the canonical tag, which are then replaced on the web page front end. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to upgrade should disable canonical tags in the root...

CVSS: 5.3, EPSS: 0.0055
Exploits: 0, References: 2
Github Security Blog
added 2024/09/17 2:59 p.m., 15 views

Contao affected by insert tag injection via canonical URL

Impact: It is possible to inject insert tags in canonical URLs which will be replaced when the page is rendered. Patches: Update to Contao 4.13.49, 5.3.15 or 5.4.3. Workarounds: Disable canonical tags in the settings of the website root page. References...

CVSS: 5.3, AI score: 6.7, EPSS: 0.0055
Exploits: 0, References: 7, Affected Software: 1
OSV
added 2024/09/17 2:59 p.m., 7 views

GHSA-2XPQ-XP6C-5MGJ Contao affected by insert tag injection via canonical URL

Impact: It is possible to inject insert tags in canonical URLs which will be replaced when the page is rendered. Patches: Update to Contao 4.13.49, 5.3.15 or 5.4.3. Workarounds: Disable canonical tags in the settings of the website root page. References...

CVSS: 6.9, AI score: 5.1, EPSS: 0.0055
Exploits: 0, References: 7
Github Security Blog
added 2020/09/24 4:23 p.m., 46 views

Contao Insert tag injection in forms

Impact: It is possible to inject insert tags in front end forms which will be replaced when the page is rendered. Patches: Update to Contao 4.4.52, 4.9.6 or 4.10.1. Workarounds: Disable the front end login form and do not use form fields with array keys such as fieldname. References...

CVSS: 5.3, AI score: 5.1, EPSS: 0.0031
Exploits: 0, References: 7, Affected Software: 2