PT-2024-31708 · Contao · Contao
Aschempp
·
Published
2024-09-17
·
Updated
2024-09-23
·
CVE-2024-45612
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions:
Contao versions prior to 4.13.49
Contao versions prior to 5.3.15
Contao versions prior to 5.4.3
Description:
In affected versions of Contao, an Open Source CMS, an untrusted user can inject insert tags into the canonical tag, which are then replaced on the web page.
Recommendations:
For versions prior to 4.13.49, update to Contao 4.13.49.
For versions prior to 5.3.15, update to Contao 5.3.15.
For versions prior to 5.4.3, update to Contao 5.4.3.
As a temporary workaround, consider disabling canonical tags in the root page settings until a patch is available.
Exploit
Fix
Special Elements Injection
XSS
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Contao