CVE-2022-24899
Published 2022-05-06
PriorityP342 · medium · 6.1 CVSS 3.1
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EXPLOIT
EPSS: 3.79% (88.7th percentile)
Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao prior to 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| contao | contao | < 4.13.3 | 4.13.3 |
| contao | contao | >= 4.13.0 < 4.13.3 | 4.13.3 |
| contao | contao | 4.13.0 – 4.13.2 | — |
| contao | core-bundle | >= 4.13.0 < 4.13.3 | 4.13.3 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| NVD | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
GHSA
Cross site scripting via canonical tag in Contao
ghsa·2022-05-20
CVE-2022-24899 [HIGH] CWE-79 Cross site scripting via canonical tag in Contao
### Impact
Untrusted users can inject malicious code into the canonical tag, which is then executed on the web page (front end).
### Patches
Update to Contao 4.13.3.
### Workarounds
Disable canonical tags in the root page settings.
### References
https://contao.org/en/security-advisories/cross-site-scripting-via-canonical-url
### For more information
If you have any questions or comments about this advisory, open an issue in [contao/contao](https://github.com/contao/contao/issues/new/choose).
OSV
Cross site scripting via canonical tag in Contao
osv·2022-05-20
CVE-2022-24899 [HIGH] Cross site scripting via canonical tag in Contao
(Advisory text identical to the GHSA entry above.)
No detection rules found.
Nuclei
Contao <4.13.3 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2022-24899 [MEDIUM] Contao <4.13.3 - Cross-Site Scripting

Indexed fragment of the Nuclei template (the opening of the matcher block was truncated in extraction; the first matcher word survives only partially):

```yaml
          - Contao alert(document.domain)'
          - '"Not authenticated"'
        condition: and
      - type: word
        part: header
        words:
          - text/html
# digest: 4a0a00473045022100b38f2320dad6cecb7bbaa00751c8205e14fd4f39a249ad0fd409ebe95ee48720022044e39e86b5347c4578e267f6645e840a931e21873141f762cce354b16e70a3c1:922c64590222798bb761d5b6d8e72950
```
No writeups or analysis indexed.
References:
- https://contao.org/en/security-advisories/cross-site-scripting-via-canonical-url.html
- https://github.com/contao/contao/commit/199206849a87ddd0fa5cf674eb3c58292fd8366c
- https://github.com/contao/contao/security/advisories/GHSA-m8x6-6r63-qvj2