WEB APPLICATION VULNERABILITIES Standard & Premium

Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-24899)

Description

Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao prior to 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings.

Remediation

References

Related Vulnerabilities

IBM WebSEAL Inadequate Encryption Strength Vulnerability (CVE-2018-1814)

Ruby Resource Management Errors Vulnerability (CVE-2008-3656)

MySQL CVE-2018-2775 Vulnerability (CVE-2018-2775)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-6147)

WordPress Plugin Gravity Upload Ajax Arbitrary File Upload (1.1)

Severity

Medium

Classification

CVE-2022-24899 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities