Description

Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao prior to 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings.

Remediation

References

CVE-2022-24899

Related Vulnerabilities

WordPress Plugin Timetable and Event Schedule by MotoPress Cross-Site Scripting (2.3.18)

Coppermine Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-0504)

WordPress Plugin WooCommerce Quick Reports Cross-Site Scripting (1.0.6)

PHP Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2004-0594)

WordPress Plugin Google Analytics MU Cross-Site Request Forgery (2.3.1)

Severity

Medium

Classification

CVE-2022-24899 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities