Описание
Pimcore vulnerable to Cross Site Scripting in image/video thumbnail config
Impact
An attacker can use XSS to send a malicious script to any user through Image/Video thumbnail config
Patches
Update to version 10.5.18 or apply this patch manually https://github.com/pimcore/pimcore/pull/14472.patch
Workarounds
Apply https://github.com/pimcore/pimcore/pull/14472.patch manually.
References
https://huntr.dev/bounties/e8c0044d-a31b-4347-b2d5-59fbf492da39/
Пакеты
Наименование
pimcore/pimcore
composer
Затронутые версииВерсия исправления
< 10.5.18
10.5.18
Связанные уязвимости
CVSS3: 5.4
nvd
почти 3 года назад
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.