Описание
Cross-site Scripting (XSS) in Website Settings name field
Impact
This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites.
Patches
Update to version 10.5.21 or apply this patches manually https://github.com/pimcore/pimcore/commit/07a2c95be524c7e20105cef58c5767d4ebb06091.patch https://github.com/pimcore/pimcore/commit/42a5bbe5f16b97371fdbfdcf2bb3ee759dea8564.patch
Workarounds
Apply patches manually: https://github.com/pimcore/pimcore/commit/07a2c95be524c7e20105cef58c5767d4ebb06091.patch https://github.com/pimcore/pimcore/commit/42a5bbe5f16b97371fdbfdcf2bb3ee759dea8564.patch
References
https://huntr.dev/bounties/01cd3ed5-dce8-4021-9de0-81cb14bf1829/
Пакеты
pimcore/pimcore
< 10.5.21
10.5.21
Связанные уязвимости
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.