Vulnerability Database

322,904

Total vulnerabilities in the database

Vulnerable embedded jQuery Version

Summary

PIMCore uses the JavaScript library jQuery in version 3.4.1. This version is vulnerable to cross-site-scripting (XSS).

Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL:= https://security.snyk.io/package/npm/jquery/3.4.1

Published: Jun 5, 2024
Updated: Jun 27, 2024
GHSA: GHSA-jmh9-6rjq-gjh9
Severity: Medium
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
pimcore / admin-ui-classic-bundle	-	1.4.3

https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-jmh9-6rjq-gjh9

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo