Headline

GHSA-42x8-2v53-pqmj: Pimcore has Cross site Scripting vulnerability in Schedule tab of Documents

Impact

This vulnerability has the potential to steal a user’s cookie and gain unauthorized access to that user’s account through the stolen cookie or redirect users to other malicious sites.

Patches

Update to version 10.5.19 or apply this patch manually https://github.com/pimcore/pimcore/pull/14631.patch

Workarounds

Apply https://github.com/pimcore/pimcore/pull/14631.patch manually.

References

https://huntr.dev/bounties/82adf0dd-8ebd-4d15-9f91-6060c8fa5a0d/

1 year ago

ghsa

Open in Source

#xss #vulnerability #git #auth

Pimcore has Cross site Scripting vulnerability in Schedule tab of Documents

Moderate severity GitHub Reviewed Published Mar 20, 2023 in pimcore/pimcore • Updated Mar 20, 2023

Related news

CVE-2023-1517

Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.19.

1 year ago

CVE

Open in Source

#xss #git

ghsa: Latest News

GHSA-w3g8-r9gw-qrh8: Denial of Service in Keycloak Server via Security Headers

1 hour ago

ghsa

GHSA-f4v7-3mww-9gc2: Keycloak allows unrestricted admin use of system and environment variables

1 hour ago

ghsa

GHSA-vh22-6c6h-rm8q: jte's HTML templates containing Javascript template strings are subject to XSS

1 hour ago

ghsa

GHSA-mgr7-5782-6jh9: The Umbraco Heartcore headless client library uses a vulnerable Refit dependency package

2 hours ago

ghsa

GHSA-45v3-38pc-874v: notation-go's timestamp signature generation lacks certificate revocation check

2 hours ago

ghsa