Vulnerable embedded jQuery Version

Summary PIMCore uses the JavaScript library jQuery in version 3.4.1. This version is vulnerable to cross-site-scripting XSS. Details In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it to one of...

GHSA-FPQV-X9HM-35J9 Cross-site Scripting vulnerability in Kitodo.Presentation

Impact Kitodo.Presentation fails to properly encode URL parameters for output in HTML making it vulnerable to Cross Site Scripting XSS. Only sites using the ListView, Navigation or PageView plugins are affected. It also includes jQuery 3.4.1 which is known to be vulnerable against Cross Site...