CVE-2024-45612

Insert tag injection via canonical URL in Contao

Description

Contao is an Open Source CMS. In affected versions an untrusted user can inject insert tags into the canonical tag, which are then replaced on the web page (front end). Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to upgrade should disable canonical tags in the root page settings.

INFO

Published Date :

2024-09-17T18:29:27.210Z

Last Modified :

2024-09-18T14:09:48.584Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2024-45612 vulnerability.

Vendors	Products
Contao	Contao

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-45612.

URL	Resource
https://contao.org/en/security-advisories/insert-tag-injection-via-canonical-urls
https://github.com/contao/contao/security/advisories/GHSA-2xpq-xp6c-5mgj

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact