Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-4f25-2x2c-vg6v: pimcore is vulnerable to cross-site scripting in Composite indices key field

Impact

Pimcore is vulnerable to Cross site scripting vulnerability in classes module.

Patches

Update to version 10.5.20.

Workarounds

Apply the patch https://github.com/pimcore/pimcore/commit/765832f0dc5f6cfb296a82e089b701066f27bcef.patch manually.

ghsa
Open in Source
#xss#vulnerability#git

pimcore is vulnerable to cross-site scripting in Composite indices key field

Moderate severity GitHub Reviewed Published Apr 4, 2023 in pimcore/pimcore • Updated Apr 4, 2023

Related news

GHSA-3r5c-h7g6-cqw7: pimcore is vulnerable to cross-site scripting in classes module

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20.

CVE-2023-1703: [Task] Optimized composite index key (#14636) · pimcore/pimcore@765832f

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20.

ghsa: Latest News

GHSA-95m2-chm4-mq7m: PHP-Textile has persistent XSS vulnerability in image link handling
ghsa