Tag: #xss

CVE-2023-2361

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.

Tags: CVE #xss #git
GHSA-g93x-fm2w-5pxw: Cross-site Scripting (XSS) in DataObject columns grid

### Impact

The attacker is able to steal the user's session cookie, which leads to complete account takeover.

### Patches

Update to version 10.5.21 or apply this patch manually: https://github.com/pimcore/pimcore/commit/aa38319e353cc3cdfac12e03e21ed7a8f3628d3e.patch

### Workarounds

Apply the patch https://github.com/pimcore/pimcore/commit/aa38319e353cc3cdfac12e03e21ed7a8f3628d3e.patch manually.

### References

https://huntr.dev/bounties/964762b0-b4fe-441c-81e1-0ebdbbf80f3b/

GHSA-6fvf-x8c6-2f6j: Cross-site Scripting (XSS) in DataObject Any Getter grid operator

### Impact

Stored cross-site scripting vulnerability in the Any Getter operator of the DataObject grid configuration.

### Patches

Update to version 10.5.21 or apply this patch manually: https://github.com/pimcore/pimcore/commit/6946f8a5a0a93b516c49f17a5b45044eebd73480.patch

### Workarounds

Apply the patch https://github.com/pimcore/pimcore/commit/6946f8a5a0a93b516c49f17a5b45044eebd73480.patch manually.

### References

https://huntr.dev/bounties/bb1537a5-fe7b-4c77-a582-10a82435fbc2/

GHSA-r7mm-jx6h-hv7m: Cross-site Scripting (XSS) in Conditions tab of Pricing Rules

### Impact

This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie, or to redirect users to other malicious sites.

### Patches

Update to version 10.5.21 or apply this patch manually: https://github.com/pimcore/pimcore/commit/a4491551967d879141a3fdf0986a9dd3d891abfe.patch

### Workarounds

Apply the patch https://github.com/pimcore/pimcore/commit/a4491551967d879141a3fdf0986a9dd3d891abfe.patch manually.

### References

https://huntr.dev/bounties/e436ed71-6741-4b30-89db-f7f3de4aca2c/

CVE-2023-29489: cPanel TSR-2023-0001 Full Disclosure

An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.

GHSA-2295-vh28-pphc: Cross-site Scripting (XSS) in DataObjects QuantityValue Unit Definition

### Impact

This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie, or to redirect users to other malicious sites.

### Patches

Update to version 10.5.21 or apply these patches manually:

- https://github.com/pimcore/pimcore/commit/e3562bfe249c557d15474c9a0acd5e06628521fe.patch
- https://github.com/pimcore/pimcore/commit/b9c9ca2371aa643dbc4caca162ff3400266ff96f.patch

### Workarounds

Apply the patches:

- https://github.com/pimcore/pimcore/commit/e3562bfe249c557d15474c9a0acd5e06628521fe.patch
- https://github.com/pimcore/pimcore/commit/b9c9ca2371aa643dbc4caca162ff3400266ff96f.patch

### References

https://huntr.dev/bounties/01a44584-e36b-46f4-ad94-53af488397f6/

GHSA-x9xj-pqmv-8jf7: Cross-site Scripting (XSS) in DataObject Class date fields

### Impact

This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie, or to redirect users to other malicious sites.

### Patches

Update to version 10.5.21 or apply this patch manually: https://github.com/pimcore/pimcore/commit/fb3056a21d439135480ee299bf1ab646867b5f4f.patch

### Workarounds

Apply the patch https://github.com/pimcore/pimcore/commit/fb3056a21d439135480ee299bf1ab646867b5f4f.patch manually.

### References

https://huntr.dev/bounties/7336b71f-a36f-4ce7-a26d-c8335ac713d6/

GHSA-cjv6-w5hf-5wr6: Cross-site Scripting (XSS) in Ecommerce Pricing Rules name field

### Impact

This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie, or to redirect users to other malicious sites.

### Patches

Update to version 10.5.21 or apply this patch manually: https://github.com/pimcore/pimcore/commit/e88fa79de7b5903fb58ddbc231130b04d937d79e.patch

### Workarounds

Apply the patch https://github.com/pimcore/pimcore/commit/e88fa79de7b5903fb58ddbc231130b04d937d79e.patch manually.

### References

https://huntr.dev/bounties/41edf190-f6bf-4a29-a237-7ff1b2d048d3/

GHSA-476g-v7hf-cw5m: Cross-site Scripting (XSS) in Document Properties Parameter

### Impact

This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie, or to redirect users to other malicious sites.

### Patches

Update to version 10.5.21 or apply this patch manually: https://github.com/pimcore/pimcore/commit/9fc674892b8b53103098b9524705074a45e7f773.patch

### Workarounds

Apply the patch https://github.com/pimcore/pimcore/commit/9fc674892b8b53103098b9524705074a45e7f773.patch manually.

### References

https://huntr.dev/bounties/f7228f3f-3bef-46fe-b0e3-56c432048a67/

Aigital Wireless-N Repeater Mini_Router.0.131229 Cross Site Scripting

Aigital Wireless-N Repeater version Mini_Router.0.131229 suffers from a persistent (stored) cross-site scripting vulnerability.