Headline

GHSA-m6m9-gr85-79vm: Pimcore Cross-site Scripting (XSS) in name field of Custom Reports

Impact

This vulnerability has the potential to steal a user’s cookie and gain unauthorized access to that user’s account through the stolen cookie or redirect users to other malicious sites.

Patches

Update to version 10.5.21 or apply this patch manually: https://github.com/pimcore/pimcore/commit/c36ef54ce33f7b5e74b7b0ab9eabfed47c018fc7.patch

Workarounds

Apply patches manually: https://github.com/pimcore/pimcore/commit/c36ef54ce33f7b5e74b7b0ab9eabfed47c018fc7.patch

References

https://huntr.dev/bounties/1a5e6c65-2c5e-4617-9411-5b47a7e743a6/

1 year ago

ghsa

Open in Source

#xss #vulnerability #git #auth

Pimcore Cross-site Scripting (XSS) in name field of Custom Reports

Moderate severity GitHub Reviewed Published May 10, 2023 in pimcore/pimcore • Updated May 10, 2023

Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.

1 year ago

CVE

Open in Source

#xss #git

ghsa: Latest News

GHSA-g5x8-v2ch-gj2g: Vaultwarden HTML injection vulnerability

1 day ago

ghsa

GHSA-x7m9-mv49-fv73: Vaultwarden vulnerable to user impersonation

1 day ago

ghsa

GHSA-vprm-27pv-jp3w: Vaultwarden authenticated reflected cross-site scripting (XSS) vulnerability

1 day ago

ghsa

GHSA-5xh2-23cc-5jc6: Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution

1 day ago

ghsa

GHSA-675f-rq2r-jw82: JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh

1 day ago

ghsa

Headline

GHSA-m6m9-gr85-79vm: Pimcore Cross-site Scripting (XSS) in name field of Custom Reports

Impact

Patches

Workarounds

References

Related news

ghsa: Latest News