Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insert tag injection via canonical URL in Contao
Vulnerability Description
Contao is an Open Source CMS. In affected versions an untrusted user can inject insert tags into the canonical tag, which are then replaced on the web page (front end). Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to upgrade should disable canonical tags in the root page settings.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
输入验证不恰当
Vulnerability Title
Contao 输入验证错误漏洞
Vulnerability Description
Contao是Contao开源的一套采用PHP开发的开源内容管理系统(CMS)。该系统支持搜索引擎、权限管理和CSS框架等。 Contao 4.13.0及之前版本存在输入验证错误漏洞,该漏洞源于未受信任的用户可以在规范标签中注入插入标签,这些标签随后在网页前端被替换。
CVSS Information
N/A
Vulnerability Type
N/A