
CVE-2023-1247: [Task] Removed the functionality to input metadata html tags in SEO a… · pimcore/pimcore@da2af2d

Reflected cross-site scripting (XSS) in the GitHub repository pimcore/pimcore, affecting versions prior to 11.0.0.


@@ -21,75 +21,6 @@ pimcore.document.pages.settings = Class.create(pimcore.document.settings_abstrac

if (this.layout == null) {

/**

* @deprecated 10.6 Will be removed in 11.

*/

// meta-data

var addMetaData = function (value) {

console.warn(‘Setting/Editing the `HTML-tags` field is deprecated’);

if(typeof value != “string”) {

value = "";

}

var count = this.metaDataPanel.query(“button”).length+1;

var compositeField = new Ext.form.FieldContainer({

layout: 'hbox’,

hideLabel: true,

items: [{

xtype: "textfield",

value: value,

width: 636,

name: “metadata_” + count,

}]

});

compositeField.add({

xtype: "button",

iconCls: "pimcore_icon_delete",

handler: function (compositeField, el) {

this.metaDataPanel.remove(compositeField);

this.metaDataPanel.updateLayout();

}.bind(this, compositeField)

});

this.metaDataPanel.add(compositeField);

this.metaDataPanel.updateLayout();

}.bind(this);

var user = pimcore.globalmanager.get(“user”);

if (user.admin) {

/**

* @deprecated 10.6 Will be removed in 11.

*/

this.metaDataPanel = new Ext.form.FieldSet({

title: t(“html_tags”) + " (<meta …/> <link …/> …) (Deprecated)",

collapsible: false,

autoHeight: true,

width: 700,

style: "margin-top: 20px;",

items: [{

xtype: "toolbar",

style: "margin-bottom: 10px;",

items: ["->", {

xtype: 'button’,

iconCls: "pimcore_icon_add",

handler: addMetaData

}]

}]

});

try {

if (typeof this.document.data.metaData == “object” && this.document.data.metaData.length > 0) {

for (var r = 0; r < this.document.data.metaData.length; r++) {

addMetaData(this.document.data.metaData[r]);

}

}

} catch (e) {

}

}

var updateSerpPreview = function () {

var metaPanel = this.layout.getComponent(“metaDataPanel”);

@@ -144,7 +75,7 @@ pimcore.document.pages.settings = Class.create(pimcore.document.settings_abstrac

items: [

{

xtype:’fieldset’,

title: t(‘title’) + ", " + t(“description”) + " & " + t(‘metadata’),

title: t(‘title’) + " & " + t(“description”),

itemId: "metaDataPanel",

collapsible: true,

autoHeight:true,
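Review bot: Dropping `t('metadata')` from this fieldset title, together with deleting the `addMetaData` UI in the first hunk, removes only the client-side input path for the `HTML-tags` field; nothing in these hunks shows the save handler rejecting `metadata_<n>` parameters or the renderer ignoring entries already stored in `document.data.metaData`. If the server side is not changed elsewhere in the same commit, this fix should be paired with that change and with a cleanup of existing stored values, because hiding a form field does not remove the output sink. As a smaller point, the surviving `itemId: "metaDataPanel"` now names a panel that holds only title and description, so a comment such as `// itemId kept for updateSerpPreview(); panel no longer contains HTML-tag metadata` would avoid confusion with the removed `this.metaDataPanel`. The enclosing settings class starts and ends outside the hunk.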

@@ -185,7 +116,6 @@ pimcore.document.pages.settings = Class.create(pimcore.document.settings_abstrac

}

}

},

this.metaDataPanel,

{

xtype: "container",

itemId: "serpPreview",

Related news

GHSA-8wg7-88cg-7p9j: Pimcore vulnerable to Cross-site Scripting

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 11.0.0.
