You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Reflected XSS in Application Logger module
Moderate severity
GitHub Reviewed
Published
Mar 16, 2023
in
pimcore/pimcore
•
Updated Apr 14, 2023
This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites.
Impact
This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites.
Patches
Update to version 10.5.19 or apply this patch manually https://github.com/pimcore/pimcore/pull/14606.patch
Workarounds
Apply https://github.com/pimcore/pimcore/pull/14606.patch manually.
References
https://huntr.dev/bounties/2a64a32d-b1cc-4def-91da-18040d59f356/
References