Headline
GHSA-rrwm-8wqm-gwgv: Cross-site Scripting (XSS) - stored in Print Documents
Impact
Stored xss leads to steal cookies and other information of other users
Patches
Update to version 10.5.19 or apply this patch manually https://github.com/pimcore/pimcore/pull/14560.patch
Workarounds
Apply https://github.com/pimcore/pimcore/pull/14560.patch manually.
References
https://huntr.dev/bounties/31d97442-3f87-439f-83f0-1c7862ef0c7c/
Cross-site Scripting (XSS) - stored in Print Documents
Moderate severity GitHub Reviewed Published Mar 16, 2023 in pimcore/pimcore • Updated Mar 16, 2023