Cross-site Scripting (XSS) in DataObject Any Getter grid operator
Impact: Stored cross site scripting vulnerability in operator any getter in dataobject grid configuration. Patches: Update to version 10.5.21 or apply this patch manually https://github.com/pimcore/pimcore/commit/6946f8a5a0a93b516c49f17a5b45044eebd73480.patch Workarounds: Apply patch...
GHSA-6FVF-X8C6-2F6J Cross-site Scripting (XSS) in DataObject Any Getter grid operator
Impact: Stored cross site scripting vulnerability in operator any getter in dataobject grid configuration. Patches: Update to version 10.5.21 or apply this patch manually https://github.com/pimcore/pimcore/commit/6946f8a5a0a93b516c49f17a5b45044eebd73480.patch Workarounds: Apply patch...
Cross-site Scripting (XSS) in pimcore via DataObject Class date fields
Impact: This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches: Update to version 10.5.21 or apply this patch manually...
GHSA-X9XJ-PQMV-8JF7 Cross-site Scripting (XSS) in pimcore via DataObject Class date fields
Impact: This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches: Update to version 10.5.21 or apply this patch manually...
GHSA-9Q7Q-R54Q-3F3G Cross-site Scripting (XSS) in DataObject Classification Store
Impact: This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches: Update to version 10.5.21 or apply this patch manually...
Cross-site Scripting (XSS) in DataObject Classification Store
Impact: This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches: Update to version 10.5.21 or apply this patch manually...
PT-2023-18928 · Pimcore · Pimcore
Name of the Vulnerable Software and Affected Versions: pimcore/pimcore versions prior to 10.5.21 Description: The issue is related to Cross-site Scripting XSS - Reflected, which occurs when an application includes user input in its output without proper validation, allowing an attacker to inject...
Cross-site Scripting (XSS)
pimcore/pimcore is vulnerable to Cross-Site Scripting XSS. The vulnerability exists in edit.js because of the improperly validated tooltip field in the DataObject class, which allows an attacker to inject and execute arbitrary JavaScript into the browser...
Pimcore has Cross-site Scripting vulnerability in DataObject tooltip field
Impact: Unsecured tooltip field in DataObject class definition. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches: Update to version 10.5.19 or apply this...
GHSA-RCG9-HRHX-6Q69 Pimcore has Cross-site Scripting vulnerability in DataObject tooltip field
Impact: Unsecured tooltip field in DataObject class definition. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches: Update to version 10.5.19 or apply this...
CVE-2023-28429 Pimcore has Cross-site Scripting vulnerability in DataObject tooltip field
Pimcore is an open source data and experience management platform. Versions prior to 10.5.19 have an unsecured tooltip field in DataObject class definition. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie ...
CVE-2023-28429
CVE-2023-28429 affects Pimcore prior to 10.5.19, where an unsecured tooltip field in the DataObject class definition enables potential Cross-Site Scripting (XSS). The core issue could allow an attacker to steal a user’s cookie and gain unauthorized account access or redirect users to malicious s...
GHSA-76R7-H46W-463R Cross Site Scripting (XSS) in Model\DataObject\Data\UrlSlug
Impact: An attacker can use XSS to send a malicious script to an unsuspecting user. Patches: Update to version 10.5.17 or apply this patch manually https://github.com/pimcore/pimcore/pull/14301.patch Workarounds: Apply https://github.com/pimcore/pimcore/pull/14301.patch manually. References...
SUSE CVE-2019-16093
Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c...
SUSE CVE-2019-16094
Symonics libmysofa 0.7 has an invalid read in readOHDRHeaderMessageDataLayout in hdf/dataobject.c...
SUSE CVE-2019-20063
hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of memory, as demonstrated by mysofa2json...
Cross Site Scripting (XSS) in Model\DataObject\Data\UrlSlug
Description: Cross Site Scripting XSS in Model\DataObject\Data\UrlSlug of pimcore/pimcore. Proof of Concept: 1. Login in stable account URL: https://demo.pimcore.fun/admin 2. Go to System Data --- UrlSlug 3. Enter Payload in UrlSlug with starting with "/" slash. For more understanding please check...
Silverstripe Framework SQLi Vulnerability
All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versions of SilverStripe 4 prior to 4.0.7, 4.1.5, 4.2.4, and 4.3.1 allow Reflected SQL Injection through Form and DataObject...