Headline
GHSA-97cp-8873-v2gf: Pimcore vulnerable to Cross Site Scripting in Documents Link Editable
Impact
An attacker can use XSS to send a malicious script to any user through Document Page Link Editable -> Advanced -> Attributes
Patches
Update to version 10.5.18 or apply this patch manually https://github.com/pimcore/pimcore/pull/14500.patch
Workarounds
Apply https://github.com/pimcore/pimcore/pull/14500.patch manually.
References
https://huntr.dev/bounties/cfa80332-e4cf-4d64-b3e5-e10298628d17/
Pimcore vulnerable to Cross Site Scripting in Documents Link Editable
Moderate severity GitHub Reviewed Published Mar 1, 2023 in pimcore/pimcore • Updated Mar 1, 2023
Related news
CVE-2023-1115
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.