CVE-2024-45965

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-45965

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45965.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-45965

Published

2024-10-02T20:15:11Z

Modified

2025-07-04T03:13:20Z

Summary

[none]

Details

Contao before 5.5.6 allows XSS via an SVG document. This affects (in contao/core-bundle in Composer) 4.x before 4.13.54, 5.0.x through 5.3.x before 5.3.30, and 5.4.x and 5.5..x before 5.5.6.

References

https://contao.org/en/security-advisories/cross-site-scripting-through-svg-uploads
https://grimthereaperteam.medium.com/contao-5-4-1-malicious-file-upload-xss-in-svg-30edb8820ecb

Affected packages

Git / github.com/contao/contao

Affected ranges

Type: GIT
Repo: https://github.com/contao/contao
Events: Introduced

84b2fe637d5ead531f117f26b48d1b9de8df4074

Fixed

98274a6b07f4877dc369ee7975f9c256c54dd576