GHSA-42x8-2v53-pqmj

Опубликовано: 20 мар. 2023

Источник: github

Github: Прошло ревью

CVSS3: 4.8

Описание

Pimcore has Cross site Scripting vulnerability in Schedule tab of Documents

Impact

This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites.

Patches

Update to version 10.5.19 or apply this patch manually https://github.com/pimcore/pimcore/pull/14631.patch

Workarounds

Apply https://github.com/pimcore/pimcore/pull/14631.patch manually.

References

https://huntr.dev/bounties/82adf0dd-8ebd-4d15-9f91-6060c8fa5a0d/

Ссылки

Пакеты

Наименование

pimcore/pimcore

composer

Затронутые версииВерсия исправления

< 10.5.19

10.5.19

EPSS

Процентиль: 0%

0.00002

Низкий

4.8 Medium

CVSS3

CVE ID

CVE-2023-1517

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-1517

CVSS3: 4.8

nvd

почти 3 года назад

Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.19.

EPSS

Процентиль: 0%

0.00002

Низкий

4.8 Medium

CVSS3

CVE ID

CVE-2023-1517

Дефекты

CWE-79