Cross-site Scripting (XSS) - stored in Print Documents
Impact
Stored xss leads to steal cookies and other information of other users
Patches
Update to version 10.5.19 or apply this patch manually https://github.com/pimcore/pimcore/pull/14560.patch
Workarounds
Apply https://github.com/pimcore/pimcore/pull/14560.patch manually.
References
https://huntr.dev/bounties/31d97442-3f87-439f-83f0-1c7862ef0c7c/
| Software | From | Fixed in |
|---|---|---|
pimcore / pimcore
|
- | 10.5.19 |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime