bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header.
References
Link | Resource |
---|---|
https://github.com/pimcore/pimcore/commit/e0b48faf7d29ce43a98825a0b230e88350ebcf78 | Patch Third Party Advisory |
https://github.com/pimcore/pimcore/compare/v6.2.3...v6.3.0 | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-11-15T04:22:34
Updated: 2019-11-15T04:22:34
Reserved: 2019-11-15T00:00:00
Link: CVE-2019-18982
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-11-15T05:15:12.893
Modified: 2019-11-21T17:53:05.360
Link: CVE-2019-18982
JSON object: View
Redhat Information
No data.
CWE