2 matches found
GHSA-6FVF-X8C6-2F6J Cross-site Scripting (XSS) in DataObject Any Getter grid operator
Impact Stored cross site scripting vulnerability in operator any getter in dataobject grid configuration. Patches Update to version 10.5.21 or apply this patch manually https://github.com/pimcore/pimcore/commit/6946f8a5a0a93b516c49f17a5b45044eebd73480.patch Workarounds Apply patch...
Stored cross site scripting vulnerability in operator any getter in pimcore grid configuration
Description Stored cross site scripting vulnerability in operator any getter in pimcore grid configuration. Proof of Concept 1. Login to the demo account https://11.x-dev.pimcore.fun/admin/login 2. On left side menu go to document -- perspective -- cdp...