Skip to content

Cross Site Scripting (XSS) in Model\DataObject\Data\UrlSlug

Moderate severity GitHub Reviewed Published Feb 15, 2023 in pimcore/pimcore

Package

composer pimcore/pimcore (Composer)

Affected versions

< 10.5.17

Patched versions

10.5.17

Description

Impact

An attacker can use XSS to send a malicious script to an unsuspecting user.

Patches

Update to version 10.5.17 or apply this patch manually https://github.com/pimcore/pimcore/pull/14301.patch

Workarounds

Apply https://github.com/pimcore/pimcore/pull/14301.patch manually.

References

https://huntr.dev/bounties/75bc7d07-46a7-4ed9-a405-af4fc47fb422/

References

@dvesh3 dvesh3 published to pimcore/pimcore Feb 15, 2023
Published to the GitHub Advisory Database Feb 15, 2023
Reviewed Feb 15, 2023

Severity

Moderate

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-76r7-h46w-463r

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.