Headline
CVE-2023-1515
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19.
Related news
GHSA-66cm-c7ch-5j8q: Pimcore vulnerable to Cross-site Scripting (XSS) in Redirects
### Impact Stored XSS vulnerability at Expiry field in the Redirects module. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. ### Patches Update to version 10.5.19 or apply this patch manually https://github.com/pimcore/pimcore/pull/14562.patch ### Workarounds Apply patch manually https://github.com/pimcore/pimcore/pull/14562.patch ### References https://huntr.dev/bounties/ae0f2ec4-a245-4d0b-9d4d-bd8310dd6282/