{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T15:06:22.860","vulnerabilities":[{"cve":{"id":"CVE-2024-45612","sourceIdentifier":"security-advisories@github.com","published":"2024-09-17T19:15:28.250","lastModified":"2024-09-23T19:33:04.650","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Contao is an Open Source CMS. In affected versions an untrusted user can inject insert tags into the canonical tag, which are then replaced on the web page (front end). Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to upgrade should disable canonical tags in the root page settings."},{"lang":"es","value":"Contao es un CMS de código abierto. En las versiones afectadas, un usuario no confiable puede insertar etiquetas de inserción en la etiqueta canónica, que luego se reemplazan en la página web (interfaz). Se recomienda a los usuarios que actualicen a Contao 4.13.49, 5.3.15 o 5.4.3. Los usuarios que no puedan actualizar deben deshabilitar las etiquetas canónicas en la configuración de la página raíz."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13.0","versionEndExcluding":"4.13.49","matchCriteriaId":"654C764D-CA76-404D-8D37-FCD94B38C980"},{"vulnerable":true,"criteria":"cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.0","versionEndExcluding":"5.3.15","matchCriteriaId":"81742BA9-7293-4F0A-87B6-AEB4618143E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.0","versionEndExcluding":"5.4.3","matchCriteriaId":"BB66A97A-A8FA-4D3A-8E93-6692772217AC"}]}]}],"references":[{"url":"https://contao.org/en/security-advisories/insert-tag-injection-via-canonical-urls","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/contao/contao/security/advisories/GHSA-2xpq-xp6c-5mgj","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}