CVE-2024-45612

Summary

Contao is an Open Source CMS. In affected versions an untrusted user can inject insert tags into the canonical tag, which are then replaced on the web page (front end). Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to upgrade should disable canonical tags in the root page settings.

Affected Software

VendorProductVersion RangeStatus
contaocontao>= 4.13.0, < 4.13.49affected
contaocontao>= 5.0.0, < 5.3.15affected
contaocontao>= 5.4.0, < 5.4.3affected

Weaknesses

  • CWE-20: CWE-20: Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References