PT-2024-32386 · Contao · Contao Open Source CMS

Usd responsible disclosure · Published 2024-07-26 · Updated 2024-09-30 · CVE-2024-47069

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Oveleon Cookie Bar versions prior to 1.16.3 and 2.1.3

Description: The block/locale endpoint does not properly sanitize the user-controlled locale input before including it in the backend's HTTP response, thereby causing reflected cross-site scripting. This issue affects Oveleon Cookie Bar, a tool for the Contao Open Source CMS that lets visitors set cookie and privacy preferences.

Recommendations: For versions prior to 1.16.3, update to version 1.16.3 or later. For versions prior to 2.1.3, update to version 2.1.3 or later. As a temporary workaround, consider disabling the block/locale endpoint until a patch is available. Restrict access to the block/locale endpoint to minimize the risk of exploitation. Sanitize the locale input to prevent XSS payloads from being executed in a user's browser.
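The input handling the recommendations call for, as an added PHP illustration (not code from Oveleon Cookie Bar or Contao; the function names, allowlist and markup are assumptions): a locale value is accepted only if it matches a narrow locale-tag pattern and the site's allowlist, and is still HTML-escaped when it is reflected into the response.

```php
<?php
// Added illustration, not code from Oveleon Cookie Bar or Contao.
// Function names, the allowlist and the markup are assumptions.
declare(strict_types=1);

/**
 * Return the locale unchanged if it looks like a locale tag such as
 * "de", "en_GB" or "pt-BR" (letters/digits, "-" or "_" separators),
 * optionally restricted to the locales the site actually ships.
 * Anything else, including markup or quote characters, yields null.
 */
function validateLocale(string $raw, array $allowed = []): ?string
{
    if (!preg_match('/^[a-z]{2,3}(?:[-_][A-Za-z0-9]{2,8}){0,2}$/', $raw)) {
        return null;
    }
    if ($allowed !== [] && !in_array($raw, $allowed, true)) {
        return null;
    }
    return $raw;
}

/**
 * The unsafe pattern is concatenating $raw straight into the body.
 * Here the value is validated first and still HTML-escaped on output,
 * so relaxing the pattern later cannot reintroduce the reflection.
 */
function renderLocaleBlock(string $raw, array $allowed = []): string
{
    $locale = validateLocale($raw, $allowed);
    if ($locale === null) {
        // In a real controller this would be a 400 response, not a 200.
        return '<p>Unsupported locale.</p>';
    }
    $safe = htmlspecialchars($locale, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<div class="cookiebar" data-locale="' . $safe . '"></div>';
}

// Constructed inputs for a local check: php -f validate_locale.php
$allowed = ['de', 'en', 'en_GB', 'fr'];
$checks = [
    'en_GB'   => '<div class="cookiebar" data-locale="en_GB"></div>',
    'de"><b>' => '<p>Unsupported locale.</p>', // markup rejected
    '../en'   => '<p>Unsupported locale.</p>', // path-like value rejected
    'es'      => '<p>Unsupported locale.</p>', // valid tag, not shipped
];
foreach ($checks as $input => $expected) {
    if (renderLocaleBlock($input, $allowed) !== $expected) {
        throw new RuntimeException("unexpected output for {$input}");
    }
}
```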

Tags: XSS


Related Identifiers

CVE-2024-47069
GHSA-296Q-RJ83-G9RQ

Affected Products

Contao Open Source CMS
Oveleon Cookie Bar