Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Contao Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability - CVE-2024-28191 - Vulnerability Database
Contao

Contao Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability - CVE-2024-28191

Medium
Reference: CVE-2024-28191
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2024-28191
Title: Contao Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
Overview:

Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4 it is possible to inject insert tags in frontend forms if the output is structured in a very specific way. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround do not output user data from frontend forms next to each other always separate them by at least one character.