Описание
Vulnerable embedded jQuery Version
Summary
PIMCore uses the JavaScript library jQuery in version 3.4.1. This version is vulnerable to cross-site-scripting (XSS).
Details
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
Пакеты
Наименование
pimcore/admin-ui-classic-bundle
composer
Затронутые версииВерсия исправления
<= 1.4.2
1.4.3