Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-2630: fixed sql injection in translation api (#14952) · pimcore/pimcore@7e32cc2

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.

CVE
Open in Source
#sql#xss#vulnerability#git

    • Actions

      Automate any workflow

    • Packages

      Host and manage packages

    • Security

      Find and fix vulnerabilities

    • Codespaces

      Instant dev environments

    • Copilot

      Write better code with AI

    • Code review

      Manage code changes

    • Issues

      Plan and track work

    • Discussions

      Collaborate outside of code

Explore

*   All features
*   Documentation
*   GitHub Skills
*   Blog

  • For

    • Enterprise
    • Teams
    • Startups
    • Education

    By Solution

    • CI/CD & Automation
    • DevOps
    • DevSecOps

    Case Studies

    • Customer Stories
    • Resources

    • GitHub Sponsors

      Fund open source developers

*   The ReadME Project
    
    GitHub community articles
    

Repositories

*   Topics
*   Trending
*   Collections
  • Pricing

Related news

GHSA-w766-3572-f2hv: Pimcore Cross-site Scripting (XSS) vulnerability in Admin Translations

### Impact Execute Javascript code on victim browsers and potentially steal cookies to takeover their account. ### Patches Update to version 10.5.21 or apply this patches manually https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38.patch ### Workarounds Apply patches manually: https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38.patch ### References https://huntr.dev/bounties/e1001870-b8d8-4921-8b9c-bbdfb1a1491e/

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE