GHSA-w766-3572-f2hv: Pimcore Cross-site Scripting (XSS) vulnerability in Admin Translations

Impact

An attacker can execute JavaScript code in victims' browsers and potentially steal cookies to take over their accounts.

Patches

Update to version 10.5.21 or apply this patch manually: https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38.patch

Workarounds

Apply patches manually: https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38.patch

References

https://huntr.dev/bounties/e1001870-b8d8-4921-8b9c-bbdfb1a1491e/

Moderate severity • GitHub Reviewed • Published May 10, 2023 in pimcore/pimcore • Updated May 11, 2023

Related news

CVE-2023-2630: fixed sql injection in translation api (#14952) · pimcore/pimcore@7e32cc2

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.