Описание
Cross-site Scripting (XSS) in DataObjects QuantityValue Unit Definition
Impact
This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites.
Patches
Update to version 10.5.21 or apply these patches manually https://github.com/pimcore/pimcore/commit/e3562bfe249c557d15474c9a0acd5e06628521fe.patch https://github.com/pimcore/pimcore/commit/b9c9ca2371aa643dbc4caca162ff3400266ff96f.patch
Workarounds
Apply patches: https://github.com/pimcore/pimcore/commit/e3562bfe249c557d15474c9a0acd5e06628521fe.patch https://github.com/pimcore/pimcore/commit/b9c9ca2371aa643dbc4caca162ff3400266ff96f.patch
References
https://huntr.dev/bounties/01a44584-e36b-46f4-ad94-53af488397f6/
Пакеты
pimcore/pimcore
< 10.5.21
10.5.21
Связанные уязвимости
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.