Add CVE-2022-24899 for GHSA-m8x6-6r63-qvj2

Add CVE-2022-24899 for GHSA-m8x6-6r63-qvj2

2022/24xxx/CVE-2022-24899.json

@@ -1,18 +1,93 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
     "CVE_data_meta": {
+        "ASSIGNER": "security-advisories@github.com",
         "ID": "CVE-2022-24899",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Cross site scripting via canonical tag"
     },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "contao",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "< 4.13.3"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "contao"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao prior to 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings."
             }
         ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "NONE",
+            "baseScore": 7.2,
+            "baseSeverity": "HIGH",
+            "confidentialityImpact": "LOW",
+            "integrityImpact": "LOW",
+            "privilegesRequired": "NONE",
+            "scope": "CHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://github.com/contao/contao/security/advisories/GHSA-m8x6-6r63-qvj2",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/contao/contao/security/advisories/GHSA-m8x6-6r63-qvj2"
+            },
+            {
+                "name": "https://github.com/contao/contao/commit/199206849a87ddd0fa5cf674eb3c58292fd8366c",
+                "refsource": "MISC",
+                "url": "https://github.com/contao/contao/commit/199206849a87ddd0fa5cf674eb3c58292fd8366c"
+            },
+            {
+                "name": "https://contao.org/en/security-advisories/cross-site-scripting-via-canonical-url.html",
+                "refsource": "MISC",
+                "url": "https://contao.org/en/security-advisories/cross-site-scripting-via-canonical-url.html"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-m8x6-6r63-qvj2",
+        "discovery": "UNKNOWN"
     }
 }