Lucene search
Veracode Vulnerability DatabaseVERACODE:35444HistoryMay 09, 2022 - 5:19 a.m.
Cross-site Scripting (XSS)
2022-05-0905:19:32
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
0.003 Low
EPSS
Percentile
71.6%
contao/core-bundle is vulnerable to cross-site scripting(XSS) attacks. The library does not properly sanitize the user inputs through the canonical tag, allowing an attacker to inject and execute malicious javascript.
| CPE | Name | Operator | Version |
|---|---|---|---|
| contao/core-bundle | le | 4.13.2 | |
| contao/core-bundle | le | 4.13.2 |
References
Related
osv
osv
CVE-2022-24899
2022-05-06 00:15:07
Cross site scripting via canonical tag in Contao
2022-05-20 19:54:56
friendsofphp
friendsofphp
Cross site scripting via canonical URL
2022-05-05 06:38:47
Cross site scripting via canonical URL
2022-05-05 06:38:47
prion
prion
Code injection
2022-05-06 00:15:00
nvd
nvd
CVE-2022-24899
2022-05-06 00:15:07
github
github
Cross site scripting via canonical tag in Contao
2022-05-20 19:54:56
huntr
huntr
Cross-site Scripting (XSS)
2022-04-28 10:33:33
contao
contao
Cross site scripting via canonical URL
2022-05-05 00:00:00
nuclei
nuclei
Contao <4.13.3 - Cross-Site Scripting
2022-06-18 18:50:43
cve
cve
CVE-2022-24899
2022-05-06 00:15:07
cvelist
cvelist
CVE-2022-24899 Cross site scripting via canonical tag
2022-05-05 23:45:13