pimcore/pimcore is vulnerable to cross-site scripting (XSS). The showEmailLogAction function in bundles/AdminBundle/Controller/Admin/EmailController.php allows script execution in the Email Log preview window due to the lack of a Content-Security-Policy header.

Name | Operator | Version |
---|---|---|
pimcore/pimcore | le | 6.2.3 |
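
One way to check that a response rendering untrusted HTML, such as the Email Log preview described above, carries a Content-Security-Policy that stops injected script. This is an added example, not Pimcore's code or its fix; the function names and sample headers are constructed, and one policy per response is assumed.

```python
# Added example: audit response headers for a CSP that stops injected script.
BROAD_SOURCES = {"*", "data:", "http:", "https:"}

def parse_csp(value):
    """Split one policy into {directive: [sources]}; first occurrence wins."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy

def audit_preview_csp(headers):
    """Return findings; an empty list means injected script cannot run."""
    names = {k.lower(): v for k, v in headers.items()}
    csp = names.get("content-security-policy")
    if csp is None:
        # Content-Security-Policy-Report-Only reports but never blocks.
        return ["no enforced Content-Security-Policy header"]
    policy = parse_csp(csp)
    sandbox = policy.get("sandbox")
    if sandbox is not None and "allow-scripts" not in sandbox:
        return []  # sandboxed document: script execution is disabled
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return ["no script-src or default-src directive: scripts unrestricted"]
    findings = []
    # 'unsafe-inline' is ignored when a nonce, hash or 'strict-dynamic' is present.
    guarded = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-"))
                  or s == "'strict-dynamic'" for s in sources)
    if "'unsafe-inline'" in sources and not guarded:
        findings.append("'unsafe-inline' permits inline script")
    for s in sources:
        if s in BROAD_SOURCES and "'strict-dynamic'" not in sources:
            findings.append(f"{s} permits attacker-supplied script URLs")
    return findings

# Constructed sample responses (not captured from Pimcore).
SAMPLES = {
    "missing": {"Content-Type": "text/html"},
    "report_only": {"Content-Security-Policy-Report-Only": "default-src 'none'"},
    "weak": {"Content-Security-Policy": "default-src 'self' 'unsafe-inline' https:"},
    "strict": {"content-security-policy": "default-src 'none'; style-src 'unsafe-inline'"},
    "sandboxed": {"Content-Security-Policy": "sandbox"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, audit_preview_csp(hdrs) or "script blocked")
```
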