CVE-2024-45965

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-45965

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45965.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-45965

Published

2024-10-02T20:15:11.320Z

Modified

2026-04-10T05:17:01.167835Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Contao before 5.5.6 allows XSS via an SVG document. This affects (in contao/core-bundle in Composer) 4.x before 4.13.54, 5.0.x through 5.3.x before 5.3.30, and 5.4.x and 5.5..x before 5.5.6.

References

Affected packages

Git / github.com/contao/contao

Affected ranges

Type

GIT

Repo

https://github.com/contao/contao

Events

Introduced

84b2fe637d5ead531f117f26b48d1b9de8df4074

Fixed

98274a6b07f4877dc369ee7975f9c256c54dd576

Introduced

8cb541c59cb07ecb62fc5c5685c6448f38b97ad8

Fixed

1899dd416c9849eab1b1ed5c89cfbb9785de8f22

Introduced

3173ec39227e5454439be24f7169bad5e0eb69f8

Fixed

62b1b973fbc36fbbd834ee611972bcadaf5c82d6

Database specific

{
    "versions": [
        {
            "introduced": "4.0"
        },
        {
            "fixed": "4.13.54"
        },
        {
            "introduced": "5.0.0"
        },
        {
            "fixed": "5.3.30"
        },
        {
            "introduced": "5.4.0"
        },
        {
            "fixed": "5.5.6"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45965.json"