GrepRules
Sign inPublish rule
Explore/cve-2024-47069-contao-unvalidated-locale-xss

CVE-2024-47069: Contao Unvalidated Locale Xss

A locale parameter passed to a controller action is assigned directly to a template property (e.g., `language`, `locale`, `lang`) without validation. This can lead to Reflected Cross-Site Scripting (XSS) when the property is rendered in an HTML template (like in a `lang` attribute). Ensure that the locale is validated using `\Contao\Validator::isLocale()` be

Provally CuratedPublic repositoryMediumMedium confidenceVerifiedApache-2.0PHPβ
greprules fetch cve-2024-47069-contao-unvalidated-locale-xss --engine opengrep

Description

A locale parameter passed to a controller action is assigned directly to a template property (e.g., `language`, `locale`, `lang`) without validation. This can lead to Reflected Cross-Site Scripting (XSS) when the property is rendered in an HTML template (like in a `lang` attribute). Ensure that the locale is validated using `\Contao\Validator::isLocale()` be

License
Apache-2.0
Source context
Public repository
Source
Provally CVE rule catalog
Validation status
Verified
Quality signals
145 downloads0 direct145 via packs
· 0 stars · Quality score 81How quality works
Included packs
2 packs