Pimcore Cross-site Scripting (XSS) vulnerability in Admin Translations
Description
Published by the National Vulnerability Database: May 10, 2023
Published to the GitHub Advisory Database: May 11, 2023
Reviewed: May 11, 2023
Last updated: Nov 7, 2023
Impact
An attacker can execute JavaScript code in victims' browsers and potentially steal cookies to take over their accounts.
Patches
Update to version 10.5.21 or apply this patch manually:
https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38.patch
Workarounds
Apply patches manually: https://github.com/pimcore/pimcore/commit/7e32cc28145274ddfc30fb791012d26c1278bd38.patch
References
https://huntr.dev/bounties/e1001870-b8d8-4921-8b9c-bbdfb1a1491e/