Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-rrwm-8wqm-gwgv: Cross-site Scripting (XSS) - stored in Print Documents

Impact

Stored xss leads to steal cookies and other information of other users

Patches

Update to version 10.5.19 or apply this patch manually https://github.com/pimcore/pimcore/pull/14560.patch

Workarounds

Apply https://github.com/pimcore/pimcore/pull/14560.patch manually.

References

https://huntr.dev/bounties/31d97442-3f87-439f-83f0-1c7862ef0c7c/

ghsa
#xss#git

Cross-site Scripting (XSS) - stored in Print Documents

Moderate severity GitHub Reviewed Published Mar 16, 2023 in pimcore/pimcore • Updated Mar 16, 2023

ghsa: Latest News

GHSA-3m86-c9x3-vwm9: Graylog vulnerable to privilege escalation through API tokens