Description

Oveleon Cookie Bar is a cookie bar for the Contao Open Source CMS that allows a visitor to define cookie & privacy settings for the website. Prior to versions 1.16.3 and 2.1.3, the `block/locale` endpoint does not properly sanitize the user-controlled `locale` input before including it in the backend's HTTP response, thereby causing reflected cross-site scripting. Versions 1.16.3 and 2.1.3 contain a patch for the vulnerability.

PUBLISHED Reserved 2024-09-17 | Published 2024-09-23 | Updated 2024-09-23 | Assigner GitHub_M




MEDIUM: 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Problem types

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

< 1.16.3
affected

>= 2.0.0, < 2.1.3
affected

References

github.com/...kiebar/security/advisories/GHSA-296q-rj83-g9rq

github.com/...ommit/1d57470be5878f66d5e1e23f624dd387564b9b8d

cheatsheetseries.owasp.org/...ng_Prevention_Cheat_Sheet.html

github.com/...lob/2.x/src/Controller/CookiebarController.php

cve.org (CVE-2024-47069)

nvd.nist.gov (CVE-2024-47069)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.