cvedb.io
CVE-2022-24899
HIGH · CVSS 7.2
EPSS exploitation probability: 0%
Published 2022-05-06T00:15:07.757 · Last modified 2026-06-17T04:32:45.630

Summary

Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao prior to 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings.

Affected products

contao — contao

Does this affect you?

Add your gear to cvedb and we'll alert you only when contao ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.