You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Cross Site Scripting (XSS) in Model\DataObject\Data\UrlSlug
Moderate severity
GitHub Reviewed
Published
Feb 15, 2023
in
pimcore/pimcore
Impact
An attacker can use XSS to send a malicious script to an unsuspecting user.
Patches
Update to version 10.5.17 or apply this patch manually https://github.com/pimcore/pimcore/pull/14301.patch
Workarounds
Apply https://github.com/pimcore/pimcore/pull/14301.patch manually.
References
https://huntr.dev/bounties/75bc7d07-46a7-4ed9-a405-af4fc47fb422/
References