CVE-2022-24899: Cross site scripting via canonical tag in Contao
Untrusted users can inject malicious code into the canonical tag, and that code is then executed on the web page (front end).
References
- contao.org/en/security-advisories/cross-site-scripting-via-canonical-url.html
- github.com/FriendsOfPHP/security-advisories/blob/master/contao/contao/CVE-2022-24899.yaml
- github.com/FriendsOfPHP/security-advisories/blob/master/contao/core-bundle/CVE-2022-24899.yaml
- github.com/advisories/GHSA-m8x6-6r63-qvj2
- github.com/contao/contao
- github.com/contao/contao/commit/199206849a87ddd0fa5cf674eb3c58292fd8366c
- github.com/contao/contao/security/advisories/GHSA-m8x6-6r63-qvj2
- nvd.nist.gov/vuln/detail/CVE-2022-24899