Contao is an Open Source CMS. In affected versions an untrusted user can inject insert tags into the canonical tag, which are then replaced on the web page (front end). Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to upgrade should disable canonical tags in the root page settings.
History

Mon, 23 Sep 2024 20:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-74

Wed, 18 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Contao
Contao contao
CPEs cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*
Vendors & Products Contao
Contao contao
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 17 Sep 2024 18:45:00 +0000

Type Values Removed Values Added
Description Contao is an Open Source CMS. In affected versions an untrusted user can inject insert tags into the canonical tag, which are then replaced on the web page (front end). Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to upgrade should disable canonical tags in the root page settings.
Title Insert tag injection via canonical URL in Contao
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-09-17T18:29:27.210Z

Updated: 2024-09-18T14:09:48.584Z

Reserved: 2024-09-02T16:00:02.425Z

Link: CVE-2024-45612

cve-icon Vulnrichment

Updated: 2024-09-18T14:09:42.712Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-17T19:15:28.250

Modified: 2024-09-23T19:33:04.650

Link: CVE-2024-45612

cve-icon Redhat

No data.