Headline
GHSA-rp78-4562-gx3c: pimcore is vulnerable to cross-site scripting in translate module
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.20.
pimcore is vulnerable to cross-site scripting in translate module
Moderate severity GitHub Reviewed Published Mar 29, 2023 to the GitHub Advisory Database • Updated Mar 30, 2023
Related news
### Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. ### Patches Update to version 10.5.20 or apply this patch manually https://github.com/pimcore/pimcore/pull/14732.patch ### Workarounds Apply https://github.com/pimcore/pimcore/pull/14732.patch manually. ### References https://huntr.dev/bounties/84419c7b-ae29-401b-bdfd-5d0c498d320f/
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.20.