
GHSA-w6j8-jc36-x5q9

Published: 01 Sep 2021
Source: github
Github: Reviewed
CVSS3: 8

Description

Improper Neutralization of Text-Values in Object Version Preview

Text values were not properly escaped before being printed in the version preview. This allowed XSS by authenticated users with access to the resources.

Packages

Name: pimcore/pimcore (composer)
Affected versions: < 10.1.1
Fixed version: 10.1.2

EPSS

Percentile: 2%
0.00015
Low

CVSS3: 8 High

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 8
nvd
more than 4 years ago

Pimcore is an open source data & experience management platform. Prior to version 10.1.2, text values were not properly escaped before being printed in the version preview. This allowed XSS by authenticated users with access to the resources. This issue is patched in Pimcore version 10.1.2.
