Contao 5.4.1 Vulnerability Allows for Malicious Code Execution via SVG File Upload
CVE-2024-45965

6.4MEDIUM

Key Information:

Vendor

Contao

Status
Contao
Vendor
CVE Published:
2 October 2024

What is CVE-2024-45965?

Contao before 5.5.6 allows XSS via an SVG document. This affects (in contao/core-bundle in Composer) 4.x before 4.13.54, 5.0.x through 5.3.x before 5.3.30, and 5.4.x and 5.5..x before 5.5.6.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Contao 4.0.0 < 4.13.54

Contao 5.0.0 < 5.3.30

Contao 5.4.0 < 5.5.6

References

https://grimthereaperteam.medium.com/contao-5-4-1-malicio...
https://contao.org/en/security-advisories/cross-site-scri...

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

JSON
.