{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T07:11:10.576","vulnerabilities":[{"cve":{"id":"CVE-2024-47069","sourceIdentifier":"security-advisories@github.com","published":"2024-09-23T16:15:07.160","lastModified":"2024-09-30T13:40:36.460","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Oveleon Cookie Bar is a cookie bar for the Contao Open Source CMS that allows a visitor to define cookie & privacy settings for the website. Prior to versions 1.16.3 and 2.1.3, the `block/locale` endpoint does not properly sanitize the user-controlled `locale` input before including it in the backend's HTTP response, thereby causing reflected cross-site scripting. Versions 1.16.3 and 2.1.3 contain a patch for the vulnerability."},{"lang":"es","value":"Oveleon Cookie Bar es una barra de cookies para el CMS de código abierto Contao y permite que un visitante defina la configuración de privacidad y cookies para el sitio web. Antes de las versiones 1.16.3 y 2.1.3, el punto de conexión `block/locale` no desinfecta correctamente la entrada `locale` controlada por el usuario antes de incluirla en la respuesta HTTP del backend, lo que provoca un error de cross-site scripting reflejado. Las versiones 1.16.3 y 2.1.3 contienen un parche para la vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oveleon:cookiebar:*:*:*:*:*:cantao:*:*","versionEndExcluding":"1.16.3","matchCriteriaId":"FFD4696B-4747-49FA-BA81-DA7C1EA0AF56"},{"vulnerable":true,"criteria":"cpe:2.3:a:oveleon:cookiebar:*:*:*:*:*:cantao:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.1.3","matchCriteriaId":"96D39411-CBD8-4C7C-B87C-0B737CF8522E"}]}]}],"references":[{"url":"https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html","source":"security-advisories@github.com","tags":["Technical Description"]},{"url":"https://github.com/oveleon/contao-cookiebar/blob/2.x/src/Controller/CookiebarController.php","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/oveleon/contao-cookiebar/commit/1d57470be5878f66d5e1e23f624dd387564b9b8d","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/oveleon/contao-cookiebar/security/advisories/GHSA-296q-rj83-g9rq","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}