4 matches found
Cross-Site Scripting (XSS)
pimcore/pimcore is vulnerable to Cross-Site Scripting XSS. The vulnerability exists due to a lack of user input sanitization in the save grid option, which allows an attacker to inject arbitrary JavaScript code into the browser...
Cross-Site Scripting (XSS)
pimcore/pimcore is vulnerable to Cross-Site Scripting XSS. The vulnerability exists due to a lack of user input sanitization in the grid option, which allows an attacker to inject arbitrary JavaScript into the browser...
Stored cross site scripting vulnerability in Save grid option in pimcore dashboard
Description Stored cross site scripting vulnerability in Save grid option in pimcore dashboard. Proof of Concept 1. Login to the demo account https://11.x-dev.pimcore.fun/admin/login 2. On left side menu go to document -- perspective -- cdp https://11.x-dev.pimcore.fun/admin/?perspective=CDP 3. i...
CVE-2003-0841
CVE-2003-0841 concerns PeopleSoft 8.42 where the grid option stores temporary .xls files in guessable directories under the web document root. This can allow remote attackers to access the files directly via URL and steal search results, constituting a partial confidentiality impact as described ...