Headline

GHSA-69fc-v223-6rjw: Pimcore Cross-site scripting in Predefined Asset Metadata module in Settings

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20.

2 years ago

Pimcore Cross-site scripting in Predefined Asset Metadata module in Settings

Moderate severity GitHub Reviewed Published Mar 29, 2023 to the GitHub Advisory Database • Updated Mar 30, 2023

### Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. ### Patches Update to version 10.5.20 or apply this patch manually https://github.com/pimcore/pimcore/pull/14721.patch ### Workarounds Apply patch manually https://github.com/pimcore/pimcore/pull/14721.patch ### References https://huntr.dev/bounties/d8a47f29-3297-4fce-b534-e1d95a2b3e19

2 years ago

ghsa

Open in Source

#xss #vulnerability #git #auth

CVE-2023-1702: Security fix in Predefined section (#14721) · pimcore/pimcore@2b99773

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20.

2 years ago

CVE

Open in Source

#xss #git