6.6

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-36806

GHSA ID

GHSA-4gpr-p634-922x

EPSS Score

0.5318%

CWE

CWE-79

Published

7/25/2023

Updated

11/15/2023

KEV Status

Technology

PHP

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-36806

CVE-2023-36806: Cross site scripting via input unit widget

Impact

Authenticated users can inject malicious code in widgets with units, which is then executed both in the element preview (back end) and on the website (front end).

Patches

Update to Contao 4.9.42, 4.13.28 or 5.1.10.

Workarounds

Disable login for all untrusted back end users.

References

https://contao.org/en/security-advisories/cross-site-scripting-in-widgets-with-units

For more information

If you have any questions or comments about this advisory, open an issue in contao/contao.

Credits

Thanks to Christian Pöschl and Fabian Brenner from usd AG for reporting this vulnerability.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-36806

CVE-2023-36806:

6.6

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-36806

GHSA ID

GHSA-4gpr-p634-922x

EPSS Score

0.5318%

CWE

CWE-79

Published

7/25/2023

Updated

11/15/2023

KEV Status

Technology

PHP

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
contao/core-bundle	composer	>= 4.0.0, < 4.9.42	4.9.42
contao/core-bundle	composer	>= 4.10.0, < 4.13.28	4.13.28
contao/core-bundle	composer	>= 5.0.0, < 5.1.10	5.1.10

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper input validation in widget classes handling unit fields. The commit diffs show critical changes to the validator() method in these widgets:

Removal of the 'Do not validate unit fields' comment
Addition of isValidOption() checks for 'unit' values
Migration from arrUnits to arrOptions property

These changes indicate the validator functions were previously allowing arbitrary 'unit' values without proper sanitization. The vulnerability manifests when user-controlled 'unit' values are rendered without escaping in both backend previews and frontend output. The high confidence comes from direct correlation between the patch changes and the XSS vulnerability description.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

6.6

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-36806: Cross site scripting via input unit widget

Impact

Patches

Workarounds

References

For more information

Credits

CVE-2023-36806:

6.6

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2023-36806: Cross site scripting via input unit widget

Impact

Patches

Workarounds

References

For more information

Credits

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

Basic Information

Basic Information

6.6

6.6

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI