Description

Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao prior to 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings.

Remediation

References

CVE-2022-24899

Related Vulnerabilities

WordPress Plugin Absolute Reviews Cross-Site Request Forgery (1.0.8)

Apache HTTP Server Other Vulnerability (CVE-1999-0045)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-31546)

ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-27008)

WordPress Plugin WP Custom Pages 'url' Parameter Local File Disclosure (0.5.0.1)

Severity

Medium

Classification

CVE-2022-24899 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities