
Exploit for Contao <4.13.3 - Cross-Site Scripting (CVE-2022-24899)

Description:

Contao prior to 4.13.3 contains a cross-site scripting vulnerability. It is possible to inject arbitrary JavaScript code into the canonical tag.
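The defensive pattern behind the fix for this class of bug is to treat the canonical URL as untrusted input: validate it against an allowlist of hosts and escape it as an HTML attribute before emitting the tag. The following is an added illustration written for this page, not Contao's code or its actual patch; the function names, the allowed host list and the sample inputs are all assumptions constructed for the example.

```python
# Added example (not Contao's code): emit a <link rel="canonical"> tag safely.
# Two controls are applied to the candidate URL:
#   1. it must be an absolute http(s) URL whose host is on an allowlist
#      (user-info and fragment are discarded, host and port are rebuilt), and
#   2. the surviving value is HTML-attribute-escaped when rendered.
import html
from urllib.parse import urlsplit, urlunsplit


def validate_canonical(candidate, allowed_hosts):
    """Return a normalised canonical URL, or None if the value is not acceptable."""
    parts = urlsplit(candidate)
    if parts.scheme not in ("http", "https"):
        return None
    try:
        port = parts.port          # raises ValueError on a malformed port
    except ValueError:
        return None
    host = parts.hostname          # already lower-cased by urlsplit
    if host is None or host not in allowed_hosts:
        return None
    netloc = host if port is None else f"{host}:{port}"
    # Keep path and query (a canonical URL may legitimately carry one); drop the fragment.
    return urlunsplit((parts.scheme, netloc, parts.path or "/", parts.query, ""))


def render_canonical_tag(candidate, allowed_hosts):
    """Render the tag, or an empty string so that an untrusted value is never emitted."""
    url = validate_canonical(candidate, allowed_hosts)
    if url is None:
        return ""
    return '<link rel="canonical" href="%s">' % html.escape(url, quote=True)


if __name__ == "__main__":
    # Constructed sample inputs for a site whose only legitimate host is example.com
    allowed = {"example.com"}
    for sample in (
        "https://example.com/news/item?page=2",     # accepted as-is
        "https://example.com",                      # path normalised to "/"
        "https://user@example.com/p",               # user-info stripped
        "https://other.example/news",               # host not allowed: tag omitted
        "//other.example/news",                     # scheme-relative: tag omitted
        'https://example.com/a"b<c>',               # quotes and angle brackets escaped
    ):
        print(repr(sample), "->", repr(render_canonical_tag(sample, allowed)))
```

Omitting the tag when validation fails is deliberate: a page without a canonical link is harmless to search engines, whereas a canonical link built from attacker-controlled input is exactly the condition this advisory describes.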

Nuclei Template

The template is CVE-2022-24899.yaml (located under http/cves/2022/ in the nuclei-templates repository).

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-24899.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-24899
https://contao.org/en/security-advisories/cross-site-scripting-via-canonical-url.html
https://huntr.dev/bounties/df46e285-1b7f-403c-8f6c-8819e42deb80/
https://github.com/contao/contao/security/advisories/GHSA-m8x6-6r63-qvj2
https://github.com/contao/contao/commit/199206849a87ddd0fa5cf674eb3c58292fd8366c