Описание
Pimcore Cross-site Scripting (XSS) vulnerability
bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header.
Пакеты
Наименование
pimcore/pimcore
composer
Затронутые версииВерсия исправления
< 6.3.0
6.3.0
Связанные уязвимости
CVSS3: 6.1
nvd
около 6 лет назад
bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header.