Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-x5j3-mq9g-8jc8: Cross-site Scripting (XSS) in UrlSlug Data type

Impact

An attacker can use XSS to send a malicious script to an unsuspecting user.

Patches

Update to version 10.5.19 or apply this patch manually https://github.com/pimcore/pimcore/pull/14669.patch

Workarounds

Apply https://github.com/pimcore/pimcore/pull/14669.patch manually.

References

https://huntr.dev/bounties/fa77d780-9b23-404b-8c44-12108881d11a

ghsa
Open in Source
#xss#git

Cross-site Scripting (XSS) in UrlSlug Data type

Moderate severity GitHub Reviewed Published Mar 16, 2023 in pimcore/pimcore • Updated Mar 17, 2023

Related news

CVE-2023-28106: optimized urlslug input (#14669) · pimcore/pimcore@c59d0bf

Pimcore is an open source data and experience management platform. Prior to version 10.5.19, an attacker can use cross-site scripting to send a malicious script to an unsuspecting user. Users may upgrade to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually.

ghsa: Latest News

GHSA-hqmp-g7ph-x543: TunnelVision - decloaking VPNs using DHCP
ghsa