2 matches found
CVE-2021-39170
creationtimestamp| type| source ---|---|--- 2021-09-01 18:35:03+00:00| seen| https://t.me/cibsecurity/28161...
CVE-2021-39170 Improper Encoding or Escaping of Output in Asset Metadata Component
Pimcore is an open source data & experience management platform. Prior to version 10.1.2, an authenticated user could add XSS code as a value of custom metadata on assets. There is a patch for this issue in Pimcore version 10.1.2. As a workaround, users may apply the patch manually...