Moderate severity · NVD Advisory · Published Sep 23, 2024 · Updated Sep 23, 2024
Oveleon Cookiebar reflected Cross-site Scripting vulnerability
CVE-2024-47069
Description
Oveleon Cookie Bar is a cookie bar for the Contao Open Source CMS that allows a visitor to define cookie and privacy settings for the website. Prior to versions 1.16.3 and 2.1.3, the block/locale endpoint does not properly sanitize the user-controlled locale input before including it in the backend's HTTP response, thereby causing reflected cross-site scripting. Versions 1.16.3 and 2.1.3 contain a patch for the vulnerability.
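Constructed illustration of the bug class described above (added here; it is not the Cookiebar project's code and not the actual patch): a locale parameter reflected unescaped into the response, beside a hardened handler that restricts the locale to an allow-list and HTML-escapes it on output. The function names, the allow-list and the sample input are all assumptions.

```php
<?php
// Added example, not code from oveleon/contao-cookiebar. Handler names, the
// locale allow-list and the sample request value are constructed for illustration.

declare(strict_types=1);

// Vulnerable shape: the user-controlled locale is written straight into the
// HTML response. A value containing a quote and a tag breaks out of the
// attribute, which is the reflected XSS pattern the advisory describes.
function renderLocaleBlockVulnerable(string $locale): string
{
    return '<div class="cookiebar" data-locale="' . $locale . '">...</div>';
}

// Hardened shape: accept only locales the application actually knows, and
// still escape whatever reaches the markup (defence in depth, as recommended
// by the OWASP XSS prevention cheat sheet).
const ALLOWED_LOCALES = ['en', 'de', 'fr', 'it']; // constructed list

function normaliseLocale(string $locale, string $fallback = 'en'): string
{
    // Syntactic check first: two lowercase letters with an optional _XX region.
    if (!preg_match('/^[a-z]{2}(_[A-Z]{2})?$/', $locale)) {
        return $fallback;
    }
    // Then an exact, strict allow-list match; anything else gets the fallback.
    return in_array($locale, ALLOWED_LOCALES, true) ? $locale : $fallback;
}

function renderLocaleBlockSafe(string $locale): string
{
    $safe = htmlspecialchars(normaliseLocale($locale), ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<div class="cookiebar" data-locale="' . $safe . '">...</div>';
}

// Constructed request value: a "locale" that carries markup instead of a code.
$untrusted = 'en"><b>injected</b>';

echo renderLocaleBlockVulnerable($untrusted), PHP_EOL; // markup escapes the attribute
echo renderLocaleBlockSafe($untrusted), PHP_EOL;       // rejected, falls back to "en"
```

The same allow-list check belongs at the endpoint boundary, so that an unexpected locale is refused before it reaches any template rather than relying on escaping alone.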
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| oveleon/contao-cookiebar (Packagist) | < 1.16.3 | 1.16.3 |
| oveleon/contao-cookiebar (Packagist) | >= 2.0.0, < 2.1.3 | 2.1.3 |
Affected products
- oveleon/contao-cookiebar, range: < 1.16.3
References
- github.com/advisories/GHSA-296q-rj83-g9rq (advisory)
- nvd.nist.gov/vuln/detail/CVE-2024-47069 (advisory)
- cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html (web)
- github.com/oveleon/contao-cookiebar/blob/2.x/src/Controller/CookiebarController.php (web)
- github.com/oveleon/contao-cookiebar/commit/1d57470be5878f66d5e1e23f624dd387564b9b8d (web)
- github.com/oveleon/contao-cookiebar/security/advisories/GHSA-296q-rj83-g9rq (confirm, web)