CVE-2024-28191

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-28191
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-28191.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-28191
Aliases
Published
2024-04-09T14:15:08Z
Modified
2024-10-12T11:21:22.144546Z
Summary
[none]
Details

Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, it is possible to inject insert tags in frontend forms if the output is structured in a very specific way. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, do not output user data from frontend forms next to each other, always separate them by at least one character.

References

Affected packages

Git / github.com/contao/contao

Affected ranges

Type
GIT
Repo
https://github.com/contao/contao
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

4.*

4.10.0
4.10.0-RC1
4.10.0-RC2
4.10.0-RC3
4.10.0-RC4
4.10.1
4.10.2
4.10.3
4.10.4
4.10.5
4.10.6
4.10.7
4.11.0
4.11.0-RC1
4.11.0-RC2
4.11.1
4.11.2
4.11.3
4.11.4
4.11.5
4.11.6
4.11.7
4.11.8
4.11.9
4.12.0
4.12.0-RC1
4.12.0-RC2
4.12.0-RC3
4.12.1
4.12.2
4.12.3
4.12.4
4.12.5
4.12.6
4.12.7
4.13.0
4.13.0-RC1
4.13.0-RC2
4.13.0-RC3
4.13.1
4.13.10
4.13.11
4.13.12
4.13.13
4.13.14
4.13.15
4.13.16
4.13.17
4.13.18
4.13.19
4.13.2
4.13.20
4.13.21
4.13.22
4.13.23
4.13.24
4.13.25
4.13.26
4.13.27
4.13.28
4.13.29
4.13.3
4.13.30
4.13.31
4.13.32
4.13.33
4.13.34
4.13.35
4.13.36
4.13.37
4.13.38
4.13.39
4.13.4
4.13.5
4.13.6
4.13.7
4.13.8
4.13.9
4.4.22
4.4.23
4.4.24
4.4.25
4.4.26
4.4.27
4.4.28
4.4.29
4.4.30
4.4.31
4.4.32
4.4.33
4.4.34
4.4.35
4.4.36
4.4.37
4.4.38
4.4.39
4.4.40
4.4.41
4.4.42
4.4.43
4.4.44
4.4.45
4.4.46
4.4.47
4.4.48
4.4.49
4.4.50
4.4.51
4.4.52
4.4.53
4.4.54
4.4.55
4.5.13
4.5.14
4.6.0
4.6.1
4.6.10
4.6.11
4.6.12
4.6.13
4.6.14
4.6.2
4.6.3
4.6.4
4.6.5
4.6.6
4.6.7
4.6.8
4.6.9
4.7.0
4.7.0-RC1
4.7.0-RC2
4.7.0-RC3
4.7.0-RC4
4.7.1
4.7.2
4.7.3
4.7.4
4.7.5
4.7.6
4.7.7
4.8.0
4.8.0-RC1
4.8.0-RC2
4.8.1
4.8.2
4.8.3
4.8.4
4.8.5
4.8.6
4.8.7
4.8.8
4.9.0
4.9.0-RC1
4.9.0-RC2
4.9.1
4.9.10
4.9.11
4.9.12
4.9.13
4.9.14
4.9.15
4.9.16
4.9.17
4.9.18
4.9.19
4.9.2
4.9.20
4.9.21
4.9.22
4.9.23
4.9.24
4.9.25
4.9.26
4.9.27
4.9.28
4.9.29
4.9.3
4.9.30
4.9.31
4.9.32
4.9.33
4.9.34
4.9.35
4.9.36
4.9.37
4.9.38
4.9.39
4.9.4
4.9.40
4.9.41
4.9.5
4.9.6
4.9.7
4.9.8
4.9.9