Lucene search
Veracode Vulnerability DatabaseVERACODE:34830HistoryMar 25, 2022 - 7:29 a.m.
Cross-Site Scripting (XSS)
2022-03-2507:29:41
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
pimcore data-hub vulnerability javascript
EPSS
0.001
Percentile
21.4%
pimcore/data-hub is vulnerable to stored cross-site scripting. The vulnerability exists because the configuration values are not escaped properly which allows a malicious attacker to inject and execute arbitrary javascript.
References
github.com/advisories/GHSA-vc5r-xfc4-4x22
github.com/pimcore/data-hub/commit/15d5b57af2466eebd3bbc531ead5dafa35d0a36e
github.com/pimcore/data-hub/commit/6a85b7e377917c2d46a34c7d1e9af5ec445407c9
github.com/pimcore/data-hub/pull/462
huntr.dev/bounties/708971a6-1e6c-4c51-a411-255caeba51df
huntr.dev/bounties/708971a6-1e6c-4c51-a411-255caeba51df/
Related
osv
osv
CVE-2022-0955
2022-03-24 15:15:07
BIT-pimcore-2022-0955
2024-03-06 11:01:29
Cross-site Scripting in Pimcore Datahub
2022-03-25 00:00:33
cvelist
cvelist
CVE-2022-0955 Cross-site Scripting (XSS) - Stored in pimcore/data-hub
2022-03-24 14:45:15
cve
cve
CVE-2022-0955
2022-03-24 15:15:07
prion
prion
Cross site scripting
2022-03-24 15:15:00
github
github
Cross-site Scripting in Pimcore Datahub
2022-03-25 00:00:33
nvd
nvd
CVE-2022-0955
2022-03-24 15:15:07
huntr
huntr
Cross-site Scripting (XSS) - Stored
2022-03-08 16:20:52