Cross-Site Scripting(XSS)

2023-11-0111:36:02

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross-site scripting

pdf vulnerability

browser injection

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.0%

JSON

pimcore is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the processDocument function which lack s checks whether a PDF document contains JavaScript code. This allows an attacker to to inject malicious scripts into the browser.

CPENameOperatorVersion
pimcore/pimcorelev11.0.12
pimcore/pimcorelev11.0.12

CPE	Name	Operator	Version
	pimcore/pimcore	le	v11.0.12
	pimcore/pimcore	le	v11.0.12

References

github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d7c

huntr.com/bounties/701cfc30-22a1-4c4b-9b2f-885c77c290ce