Vulnerability Information
Vulnerability Title
Oveleon Cookiebar reflected Cross-site Scripting vulnerability
Vulnerability Description
Oveleon Cookie Bar is a cookie bar for the Contao Open Source CMS that allows a visitor to define cookie and privacy settings for the website. Prior to versions 1.16.3 and 2.1.3, the `block/locale` endpoint does not properly sanitize the user-controlled `locale` input before including it in the backend's HTTP response, resulting in reflected cross-site scripting. Versions 1.16.3 and 2.1.3 contain a patch for the vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
Improper neutralization of input during web page generation (cross-site scripting)
Vulnerability Title
Cookie Bar cross-site scripting vulnerability
Vulnerability Description
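Cookie Bar is an open-source application from Oveleon for Contao. It allows visitors to define a website's cookie and privacy settings. Cookie Bar contains a cross-site scripting vulnerability that stems from the block/locale endpoint not properly sanitizing the locale parameter, which leads to reflected cross-site scripting.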
CVSS Information
N/A
Vulnerability Type
N/A