Contao is an Open Source CMS. In affected versions an untrusted user can inject insert tags into the canonical tag, which are then replaced on the web page (front end). Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to upgrade should disable canonical tags in the root page settings.
History
Mon, 23 Sep 2024 20:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-74 |
Wed, 18 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Contao, Contao contao | |
CPEs | cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:* | |
Vendors & Products | Contao, Contao contao | |
Metrics | ssvc |
Tue, 17 Sep 2024 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Contao is an Open Source CMS. In affected versions an untrusted user can inject insert tags into the canonical tag, which are then replaced on the web page (front end). Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to upgrade should disable canonical tags in the root page settings. | |
Title | Insert tag injection via canonical URL in Contao | |
Weaknesses | CWE-20 | |
References | | |
Metrics | cvssV3_1 |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-09-17T18:29:27.210Z
Updated: 2024-09-18T14:09:48.584Z
Reserved: 2024-09-02T16:00:02.425Z
Link: CVE-2024-45612
Vulnrichment
Updated: 2024-09-18T14:09:42.712Z
NVD
Status: Analyzed
Published: 2024-09-17T19:15:28.250
Modified: 2024-09-23T19:33:04.650
Link: CVE-2024-45612
Redhat
No data.