Description

Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao prior to 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings.

Remediation

References

CVE-2022-24899

Related Vulnerabilities

Joomla! Core 1.5.x Security Bypass (1.5.0 - 1.5.15)

WordPress Plugin Safe SVG Cross-Site Scripting (1.9.5)

Moodle Uncontrolled Recursion Vulnerability (CVE-2021-36395)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-14619)

MySQL CVE-2021-2144 Vulnerability (CVE-2021-2144)

Severity

Medium

Classification

CVE-2022-24899 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Tags

Missing Update Known Vulnerabilities