CVE-2022-24899

Sažetak

Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao prior to 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings.

Reference

https://github.com/contao/contao/security/advisories/GHSA-m8x6-6r63-qvj2
https://github.com/contao/contao/commit/199206849a87ddd0fa5cf674eb3c58292fd8366c
https://contao.org/en/security-advisories/cross-site-scripting-via-canonical-url.html

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

13-05-2022 - 19:34

Objavljeno

06-05-2022 - 00:15