5 matches found
Pimcore Cross-site Scripting in Predefined Asset Metadata module in Settings
Impact: This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches: Update to version 10.5.20 or apply this patch manually...
GHSA-69FC-V223-6RJW Duplicate Advisory: Pimcore Cross-site scripting in Predefined Asset Metadata module in Settings
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-6qjm-39vh-729w. This link is maintained to preserve external references. Original Description: Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20...
XSS in Predefined Asset Metadata module in Settings
Description: While testing the Pimcore application, I found that it is vulnerable to XSS in the Predefined Asset Metadata module in Settings, specifically in the Name field. Proof of Concept: 1. Go to https://11.x-dev.pimcore.fun/admin/ then log in. 2. Go to Settings - Predefined Asset Metadata...
GHSA-276R-24XQ-HWG8 Pimcore XSS Vulnerability
Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...
CVE-2018-14059
Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions...