
THREATINT
PUBLISHED

CVE-2024-47069

Oveleon Cookiebar reflected Cross-site Scripting vulnerability



Description

Oveleon Cookie Bar is a cookie bar for the Contao Open Source CMS that allows a visitor to define cookie and privacy settings for the website. Prior to versions 1.16.3 and 2.1.3, the `block/locale` endpoint does not properly sanitize the user-controlled `locale` input before including it in the backend's HTTP response, thereby causing reflected cross-site scripting. Versions 1.16.3 and 2.1.3 contain a patch for the vulnerability.
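The pattern the description refers to, a user-supplied `locale` value reflected into an HTML response without validation or encoding, and the defensive shape a fix usually takes, as an added PHP illustration. This is not the Cookiebar project's code or its actual patch; the function names, the locale regex, the `en` fallback and the sample inputs are all assumptions made for the example.

```php
<?php
// Added illustration (not the Cookiebar project's code): a minimal endpoint
// that reflects a user-supplied "locale" into its HTML response, shown in an
// unsafe form and in a hardened form. All names here are hypothetical.

declare(strict_types=1);

// Unsafe: the locale is concatenated into HTML without validation or output
// encoding, so any markup characters in the parameter are reflected as-is
// into both an attribute context and a text context (CWE-79).
function renderLocaleBlockUnsafe(string $locale): string
{
    return '<div class="cookiebar" data-locale="' . $locale . '">'
         . 'Locale: ' . $locale . '</div>';
}

// Hardened, step 1: accept only plausible locale tags (language subtag plus
// optional region/script subtags, e.g. "de", "de_DE", "zh-Hant-TW").
// The pattern is an assumption for this example, not the project's rule.
const LOCALE_PATTERN = '/^[a-z]{2,3}(?:[_-][A-Za-z0-9]{2,8})*$/';

function isValidLocale(string $locale): bool
{
    return preg_match(LOCALE_PATTERN, $locale) === 1;
}

// Hardened, step 2: fall back to a known default when validation fails, and
// HTML-encode on output regardless, following the contextual output-encoding
// advice of the OWASP XSS Prevention Cheat Sheet referenced below.
function renderLocaleBlockSafe(string $locale, string $fallback = 'en'): string
{
    if (!isValidLocale($locale)) {
        // Never echo the rejected value back, not even in an error message.
        $locale = $fallback;
    }
    // ENT_QUOTES encodes both quote styles, which matters inside attributes.
    $encoded = htmlspecialchars($locale, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<div class="cookiebar" data-locale="' . $encoded . '">'
         . 'Locale: ' . $encoded . '</div>';
}

// Constructed sample inputs: a normal locale tag and a value carrying
// attribute-closing and tag characters that a reflected response must not
// emit verbatim.
$inputs = ['de_DE', 'en"><b>x</b>'];

foreach ($inputs as $input) {
    echo "input : " . $input . "\n";
    echo "unsafe: " . renderLocaleBlockUnsafe($input) . "\n";
    echo "safe  : " . renderLocaleBlockSafe($input) . "\n\n";
}
```

For the second input the unsafe renderer closes the `data-locale` attribute and injects a `<b>` element, while the hardened renderer rejects the value at validation and renders the `en` fallback. Keeping the output encoding even after validation is deliberate: the allowlist is the primary control, the encoding is defence in depth should the pattern ever be loosened.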

Reserved 2024-09-17 | Published 2024-09-23 | Updated 2024-09-23 | Assigner GitHub_M


MEDIUM: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Problem types

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

< 1.16.3: affected

>= 2.0.0, < 2.1.3: affected

References

github.com/oveleon/contao-cookiebar/security/advisories/GHSA-296q-rj83-g9rq

github.com/...n/contao-cookiebar/commit/1d57470be5878f66d5e1e23f624dd387564b9b8d

cheatsheetseries.owasp.org/...s/Cross_Site_Scripting_Prevention_Cheat_Sheet.html

github.com/...n/contao-cookiebar/blob/2.x/src/Controller/CookiebarController.php

cve.org (CVE-2024-47069)

nvd.nist.gov (CVE-2024-47069)


https://cve.threatint.com/CVE/CVE-2024-47069
