Cross Site Scripting (XSS) in Model\DataObject\Data\UrlSlug
Impact
An attacker can use XSS to send a malicious script to an unsuspecting user.
Patches
Update to version 10.5.17 or apply this patch manually https://github.com/pimcore/pimcore/pull/14301.patch
Workarounds
Apply https://github.com/pimcore/pimcore/pull/14301.patch manually.
References
https://huntr.dev/bounties/75bc7d07-46a7-4ed9-a405-af4fc47fb422/
| Software | From | Fixed in |
|---|---|---|
pimcore / pimcore
|
- | 10.5.17 |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime