Описание
Cross Site Scripting (XSS) in Model\DataObject\Data\UrlSlug
Impact
An attacker can use XSS to send a malicious script to an unsuspecting user.
Patches
Update to version 10.5.17 or apply this patch manually https://github.com/pimcore/pimcore/pull/14301.patch
Workarounds
Apply https://github.com/pimcore/pimcore/pull/14301.patch manually.
References
https://huntr.dev/bounties/75bc7d07-46a7-4ed9-a405-af4fc47fb422/
Пакеты
Наименование
pimcore/pimcore
composer
Затронутые версииВерсия исправления
< 10.5.17
10.5.17
Дефекты
CWE-79
Дефекты
CWE-79