CVE-2022-24899
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/contao/contao
Identifiers
GHSA-m8x6-6r63-qvj2, CVE-2022-24899
Package Slug
packagist/contao/contao
Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description
Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao prior to 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings.
Affected Versions
All versions starting from 4.13.0 before 4.13.3
Solution
Upgrade to version 4.13.3 or above.
Last Modified
2024-02-05
| source |