CVE-2024-47069

MEDIUM

Oveleon Cookie Bar < 1.16.3 - Reflected Cross-Site Scripting via Locale Parameter

Title source: llm
STIX 2.1

Description

Oveleon Cookie Bar is a cookie bar is for the Contao Open Source CMS and allows a visitor to define cookie & privacy settings for the website. Prior to versions 1.16.3 and 2.1.3, the `block/locale` endpoint does not properly sanitize the user-controlled `locale` input before including it in the backend's HTTP response, thereby causing reflected cross-site scripting. Versions 1.16.3 and 2.1.3 contain a patch for the vulnerability.

Scores

CVSS v3 6.1
EPSS 0.0042
EPSS Percentile 34.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (2)
oveleon/contao-cookiebar 0 - 1.16.3Packagist
oveleon/cookiebar < 1.16.3
Published Sep 23, 2024
Tracked Since Feb 18, 2026