CVE-2024-47069

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Sep 23, 2024
CWE ID 79

Summary

CVE-2024-47069 affects the Oveleon Cookie Bar for the Contao Open Source CMS. Versions prior to 1.16.3 and 2.1.3 are vulnerable to reflected cross-site scripting because user-controlled input handled by the block/locale endpoint is not properly sanitized. To mitigate this vulnerability, users must upgrade to at least version 1.16.3 or 2.1.3, which contain the necessary patches. The vulnerability has a medium severity rating with a CVSS base score of 6.1 and requires user interaction for exploitation; it primarily impacts web application integrity and can allow an attacker to execute malicious scripts in a user's browser session. Affected products include Oveleon implementations that use this cookie bar functionality, with risks such as unauthorized data access or session hijacking if the issue is not remediated promptly. For further guidance on prevention measures, the OWASP Cross-Site Scripting Prevention Cheat Sheet is recommended.
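The following is an added illustration, not code from the Oveleon Cookie Bar or the Contao project: a hypothetical locale-block endpoint in PHP (the language Contao extensions are written in) that reflects a `locale` request parameter into HTML. The endpoint shape, the `locale` parameter name and the `SUPPORTED_LOCALES` list are assumptions for illustration only. It places the unsanitized pattern the summary describes next to a hardened version that allowlists the value and HTML-encodes it on output, so a practitioner can see why the reflected value must never reach the page as raw markup.

```php
<?php
// Added example (hypothetical; not the Cookie Bar's own code).
// Demonstrates reflected input in a locale block and its hardened form.

declare(strict_types=1);

// Locales the application actually ships (assumed list); anything else is rejected.
const SUPPORTED_LOCALES = ['en', 'de', 'fr'];

/**
 * Unsafe pattern: user-controlled input is concatenated into an HTML
 * attribute and a text node with neither validation nor output encoding,
 * so a crafted value can break out of the attribute and inject markup.
 */
function renderLocaleBlockUnsafe(string $locale): string
{
    return '<div class="cookiebar" data-locale="' . $locale . '">Locale: ' . $locale . '</div>';
}

/**
 * Hardened pattern: validate against an allowlist first (fail closed to a
 * default), then HTML-encode on output so the browser never interprets the
 * value as markup even if the allowlist is later relaxed.
 */
function renderLocaleBlockSafe(string $locale): string
{
    if (!in_array($locale, SUPPORTED_LOCALES, true)) {
        $locale = 'en';
    }
    $encoded = htmlspecialchars($locale, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<div class="cookiebar" data-locale="' . $encoded . '">Locale: ' . $encoded . '</div>';
}

// Constructed sample input: a value that closes the attribute and adds a tag.
// A scanner or code review would use something like this to check for reflection.
$probe = '"><b>injected</b>';

// Unsafe output contains a live <b> element; safe output contains only
// the default locale, and the probe would have been rendered as text anyway.
echo renderLocaleBlockUnsafe($probe), PHP_EOL;
echo renderLocaleBlockSafe($probe), PHP_EOL;
echo renderLocaleBlockSafe('de'), PHP_EOL;
```

The allowlist is the primary control here, since a locale is a closed set of known values; the `htmlspecialchars` call is defence in depth, following the output-encoding rule from the OWASP cheat sheet the summary points to. Both belong in the rendering path of any endpoint that reflects request data.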
