CVE-2022-24899

Опубликовано: 06 мая 2022

Источник: nvd

CVSS3: 7.2

CVSS3: 6.1

CVSS2: 4.3

EPSS Средний

Описание

Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao prior to 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings.

Ссылки

https://contao.org/en/security-advisories/cross-site-scripting-via-canonical-url.html
Vendor Advisory
https://github.com/contao/contao/commit/199206849a87ddd0fa5cf674eb3c58292fd8366c
Patch
Third Party Advisory
https://github.com/contao/contao/security/advisories/GHSA-m8x6-6r63-qvj2
Third Party Advisory
https://contao.org/en/security-advisories/cross-site-scripting-via-canonical-url.html
Vendor Advisory
https://github.com/contao/contao/commit/199206849a87ddd0fa5cf674eb3c58292fd8366c
Patch
Third Party Advisory
https://github.com/contao/contao/security/advisories/GHSA-m8x6-6r63-qvj2
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*

Версия от 4.13.0 (включая) до 4.13.2 (включая)

EPSS

Процентиль: 98%

0.59505

Средний

7.2 High

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-m8x6-6r63-qvj2

CVSS3: 7.2

github

больше 3 лет назад

Cross site scripting via canonical tag in Contao

EPSS

Процентиль: 98%

0.59505

Средний

7.2 High

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79