Reflected Cross Site-Scripting (XSS) in Oveleon Cookiebar
usd-2024-0009 | Reflected XSS in Oveleon Cookiebar Details Advisory ID: usd-2024-0009 Product: Cookiebar Affected Version: 2.X Vulnerability Type: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Security Risk: HIGH, CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N Vendor URL: https://www.usd.de/ CVE Number: Not requested yet CVE Link: Not requested yet Affected Component The block function in CookiebarController.php. Desciption Oveleon's Cookiebar is an extension for the popular Contao CMS. The block/locale endpoint does not properly …