Описание
Pimcore vulnerable to stored stored Cross-site Scripting viaproperties when creating new users
Pimcore prior to 10.5.6 is vulnerable to stored cross-site scripting. This occurs when an attacker injects a payload when adding properties for a new user.
Пакеты
Наименование
pimcore/pimcore
composer
Затронутые версииВерсия исправления
< 10.5.6
10.5.6
Связанные уязвимости
CVSS3: 5.4
nvd
больше 3 лет назад
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.6.