Описание
Cross-site Scripting (XSS) in pimcore
Impact
An attacker can use XSS to send a malicious script to any user.
Patches
Update to version 10.5.21 or apply this patch manually https://github.com/pimcore/pimcore/commit/6970649f5d3790a1db9ef4324bece0d4cb95366a.patch
Workarounds
Apply patch https://github.com/pimcore/pimcore/commit/6970649f5d3790a1db9ef4324bece0d4cb95366a.patch manually.
References
https://huntr.dev/bounties/24d91b83-c3df-48f5-a713-9def733f2de7/
Пакеты
Наименование
pimcore/pimcore
composer
Затронутые версииВерсия исправления
< 10.5.21
10.5.21
Связанные уязвимости
CVSS3: 5.4
nvd
почти 3 года назад
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.