Tag
#xss
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.
### Impact The attacker is capable to stolen the user session cookie. it will leads to complete account takeover. ### Patches Update to version 10.5.21 or apply this patch manually https://github.com/pimcore/pimcore/commit/aa38319e353cc3cdfac12e03e21ed7a8f3628d3e.patch ### Workarounds Apply patch https://github.com/pimcore/pimcore/commit/aa38319e353cc3cdfac12e03e21ed7a8f3628d3e.patch manually. ### References https://huntr.dev/bounties/964762b0-b4fe-441c-81e1-0ebdbbf80f3b/
### Impact Stored cross site scripting vulnerability in operator any getter in dataobject grid configuration. ### Patches Update to version 10.5.21 or apply this patch manually https://github.com/pimcore/pimcore/commit/6946f8a5a0a93b516c49f17a5b45044eebd73480.patch ### Workarounds Apply patch https://github.com/pimcore/pimcore/commit/6946f8a5a0a93b516c49f17a5b45044eebd73480.patch manually. ### References https://huntr.dev/bounties/bb1537a5-fe7b-4c77-a582-10a82435fbc2/
### Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. ### Patches Update to version 10.5.21 or apply this patch manually https://github.com/pimcore/pimcore/commit/a4491551967d879141a3fdf0986a9dd3d891abfe.patch ### Workarounds Apply patch https://github.com/pimcore/pimcore/commit/a4491551967d879141a3fdf0986a9dd3d891abfe.patch manually. ### References https://huntr.dev/bounties/e436ed71-6741-4b30-89db-f7f3de4aca2c/
An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.
### Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. ### Patches Update to version 10.5.21 or apply these patches manually https://github.com/pimcore/pimcore/commit/e3562bfe249c557d15474c9a0acd5e06628521fe.patch https://github.com/pimcore/pimcore/commit/b9c9ca2371aa643dbc4caca162ff3400266ff96f.patch ### Workarounds Apply patches: https://github.com/pimcore/pimcore/commit/e3562bfe249c557d15474c9a0acd5e06628521fe.patch https://github.com/pimcore/pimcore/commit/b9c9ca2371aa643dbc4caca162ff3400266ff96f.patch ### References https://huntr.dev/bounties/01a44584-e36b-46f4-ad94-53af488397f6/
### Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. ### Patches Update to version 10.5.21 or apply this patch manually https://github.com/pimcore/pimcore/commit/fb3056a21d439135480ee299bf1ab646867b5f4f.patch ### Workarounds Apply patch https://github.com/pimcore/pimcore/commit/fb3056a21d439135480ee299bf1ab646867b5f4f.patch manually. ### References https://huntr.dev/bounties/7336b71f-a36f-4ce7-a26d-c8335ac713d6/
### Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. ### Patches Update to version 10.5.21 or apply this patch manually https://github.com/pimcore/pimcore/commit/e88fa79de7b5903fb58ddbc231130b04d937d79e.patch ### Workarounds Apply patch https://github.com/pimcore/pimcore/commit/e88fa79de7b5903fb58ddbc231130b04d937d79e.patch manually. ### References https://huntr.dev/bounties/41edf190-f6bf-4a29-a237-7ff1b2d048d3/
### Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. ### Patches Update to version 10.5.21 or apply this patch manually https://github.com/pimcore/pimcore/commit/9fc674892b8b53103098b9524705074a45e7f773.patch ### Workarounds Apply patch https://github.com/pimcore/pimcore/commit/9fc674892b8b53103098b9524705074a45e7f773.patch manually. ### References https://huntr.dev/bounties/f7228f3f-3bef-46fe-b0e3-56c432048a67/
Aigital Wireless-N Repeater version Mini_Router.0.131229 suffers from a persistent cross site scripting vulnerability.