Oveleon Cookie Bar is a cookie bar for the Contao Open Source CMS that allows a visitor to define cookie and privacy settings for the website. Prior to versions 1.16.3 and 2.1.3, the `block/locale` endpoint does not properly sanitize the user-controlled `locale` input before including it in the backend's HTTP response, thereby causing reflected cross-site scripting. Versions 1.16.3 and 2.1.3 contain a patch for the vulnerability.
Reserved 2024-09-17 | Published 2024-09-23 | Updated 2024-09-23 | Assigner GitHub_M
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
github.com/oveleon/contao-cookiebar/security/advisories/GHSA-296q-rj83-g9rq
github.com/...n/contao-cookiebar/commit/1d57470be5878f66d5e1e23f624dd387564b9b8d
cheatsheetseries.owasp.org/...s/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
github.com/...n/contao-cookiebar/blob/2.x/src/Controller/CookiebarController.php