Headline
GHSA-6mmf-qm37-pmgg: Pimcore vulnerable to Reflected XSS in Predefined Properties module in Settings
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.20.
Pimcore vulnerable to Reflected XSS in Predefined Properties module in Settings
Moderate severity GitHub Reviewed Published Mar 29, 2023 to the GitHub Advisory Database • Updated Mar 30, 2023
Related news
### Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. ### Patches Update to version 10.5.20 or apply this patch manually https://github.com/pimcore/pimcore/pull/14721.patch ### Workarounds Apply https://github.com/pimcore/pimcore/pull/14721.patch manually. ### References https://huntr.dev/bounties/64f943c4-68e5-4ef8-82f6-9c4abe928256/
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.20.