Description
Pimcore Cross-site Scripting (XSS) vulnerability in Admin Translations
Impact
An attacker can execute JavaScript code in victims' browsers and potentially steal cookies to take over their accounts.
Patches
Update to version 10.5.21 or apply this patch manually: https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38.patch
Workarounds
Apply the patch manually: https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38.patch
References
https://huntr.dev/bounties/e1001870-b8d8-4921-8b9c-bbdfb1a1491e/
Packages
Name: pimcore/pimcore (composer)
Affected versions: < 10.5.21
Fixed version: 10.5.21
Related vulnerabilities
CVSS3: 4.8
nvd
more than 2 years ago
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.