GHSA-66cm-c7ch-5j8q

Опубликовано: 20 мар. 2023

Источник: github

Github: Прошло ревью

CVSS3: 5.4

Описание

Pimcore vulnerable to Cross-site Scripting (XSS) in Redirects

Impact

Stored XSS vulnerability at Expiry field in the Redirects module.

This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites.

Patches

Update to version 10.5.19 or apply this patch manually https://github.com/pimcore/pimcore/pull/14562.patch

Workarounds

Apply patch manually https://github.com/pimcore/pimcore/pull/14562.patch

References

https://huntr.dev/bounties/ae0f2ec4-a245-4d0b-9d4d-bd8310dd6282/

Ссылки

Пакеты

Наименование

pimcore/pimcore

composer

Затронутые версииВерсия исправления

< 10.5.19

10.5.19

EPSS

Процентиль: 0%

0.00002

Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2023-1515

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-1515

CVSS3: 5.4

nvd

почти 3 года назад

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19.

EPSS

Процентиль: 0%

0.00002

Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2023-1515

Дефекты

CWE-79