GHSA-mqf3-qpc3-g26q: Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message

GHSA-ff6q-3c9c-6cf5: Silverstripe Framework has a XSS in form messages

GHSA-7cmp-cgg8-4c82: Silverstripe Framework has a XSS via insert media remote file oembed

GHSA-m9c9-mc2h-9wjw: Lodestar snappy checksum issue

GHSA-53rv-hcvm-rpp9: Lodestar snappy decompression issue

Introspection is enabled on `demo.pimcore.fun`. The demo site has graphql as a feature for users, but allows users to run instropection queries, which presents a potential schema information disclosure vulnerability.

**Pimcore Demo Allows GraphQL Introspection**

Moderate severity GitHub Reviewed Published Sep 27, 2023 to the GitHub Advisory Database • Updated Sep 27, 2023

Headline

GHSA-p76j-h4m8-hx5c: Pimcore Demo Allows GraphQL Introspection

Related news

ghsa: Latest News