Headline
CVE-2023-1517
Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.19.
Related news
GHSA-42x8-2v53-pqmj: Pimcore has Cross site Scripting vulnerability in Schedule tab of Documents
### Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. ### Patches Update to version 10.5.19 or apply this patch manually https://github.com/pimcore/pimcore/pull/14631.patch ### Workarounds Apply https://github.com/pimcore/pimcore/pull/14631.patch manually. ### References https://huntr.dev/bounties/82adf0dd-8ebd-4d15-9f91-6060c8fa5a0d/