PT-2022-16968 · Contao · Contao

Leofeyer · Published 2022-05-05 · Updated 2022-05-20 · CVE-2022-24899

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Contao versions prior to 4.13.3

Description: The issue allows untrusted users to inject malicious code into the canonical tag, which is then executed on the web page (cross-site scripting). This affects versions of Contao prior to 4.13.3. As a temporary measure, users may disable canonical tags in the root page settings to mitigate the risk.

Recommendations: Update to Contao 4.13.3. As a temporary workaround, consider disabling canonical tags in the root page settings until the update is applied.

Exploit · Fix · XSS


Weakness Enumeration

Related Identifiers

CVE-2022-24899
GHSA-M8X6-6R63-QVJ2

Affected Products

Contao