CVE-2022-24899 Information
Jun 07, 2022
Description
Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In Contao versions prior to 4.13.3, it is possible to inject code into the canonical tag (cross-site scripting via the canonical URL, as the linked advisory describes it); the fix is in 4.13.3. As a workaround, users may disable canonical tags in the root page settings.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
https://github.com/contao/contao/security/advisories/GHSA-m8x6-6r63-qvj2
https://github.com/contao/contao/commit/199206849a87ddd0fa5cf674eb3c58292fd8366c
https://contao.org/en/security-advisories/cross-site-scripting-via-canonical-url.html
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
6.1
Base Severity
MEDIUM