Описание
Cross-site Scripting (XSS) - stored in Print Documents
Impact
Stored xss leads to steal cookies and other information of other users
Patches
Update to version 10.5.19 or apply this patch manually https://github.com/pimcore/pimcore/pull/14560.patch
Workarounds
Apply https://github.com/pimcore/pimcore/pull/14560.patch manually.
References
https://huntr.dev/bounties/31d97442-3f87-439f-83f0-1c7862ef0c7c/
Пакеты
Наименование
pimcore/pimcore
composer
Затронутые версииВерсия исправления
< 10.5.19
10.5.19
Дефекты
CWE-79
Дефекты
CWE-79