Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Description Cross site scripting vulnerability in pimcore,pimcore field, it is fixed in this commit 832c34 , but still it is executing xss .Icon field in events and news Proof of Concept 1 . Login to the demo account https://10.x-dev.pimcore.fun/admin/ 2. Go to settings --data objects -- classes ...

XSS on several select lists

Steps to reproduce: -Create a new issue type -Add "alert'Issue name' as Issue name mind the qoute at the beginning -Add "alert'Issue desc' as Issue Description -Add /images/icons/issuetypes/genericissue.png "alert'Issue icon' as Issue Icon -Make sure that this issue type is available on your...