Contao is an Open Source CMS. In affected versions an untrusted user can inject insert tags into the canonical tag, which are then replaced on the web page (front end). Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to upgrade should disable canonical tags in the root page settings.
References
Link | Resource |
---|---|
https://contao.org/en/security-advisories/insert-tag-injection-via-canonical-urls | Vendor Advisory |
https://github.com/contao/contao/security/advisories/GHSA-2xpq-xp6c-5mgj | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
23 Sep 2024, 19:33
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-74 | |
First Time |
Contao contao
Contao |
|
CPE | cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:* | |
References | () https://contao.org/en/security-advisories/insert-tag-injection-via-canonical-urls - Vendor Advisory | |
References | () https://github.com/contao/contao/security/advisories/GHSA-2xpq-xp6c-5mgj - Vendor Advisory |
20 Sep 2024, 12:30
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
17 Sep 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-17 19:15
Updated : 2024-09-23 19:33
NVD link : CVE-2024-45612
Mitre link : CVE-2024-45612
CVE.ORG link : CVE-2024-45612
JSON object : View
Products Affected
contao
- contao