CVE-2024-47069

Summary

Oveleon Cookie Bar is a cookie bar is for the Contao Open Source CMS and allows a visitor to define cookie & privacy settings for the website. Prior to versions 1.16.3 and 2.1.3, the block/locale endpoint does not properly sanitize the user-controlled locale input before including it in the backend's HTTP response, thereby causing reflected cross-site scripting. Versions 1.16.3 and 2.1.3 contain a patch for the vulnerability.

Affected Software

VendorProductVersion RangeStatus
oveleoncontao-cookiebar< 1.16.3affected
oveleoncontao-cookiebar>= 2.0.0, < 2.1.3affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References