Pimcore is an open source data & experience management platform. Prior to version 10.1.2, an authenticated user could add XSS code as a value of custom metadata on assets. There is a patch for this issue in Pimcore version 10.1.2. As a workaround, users may apply the patch manually.
References
Link | Resource |
---|---|
https://github.com/pimcore/pimcore/pull/10178 | Patch Third Party Advisory |
https://github.com/pimcore/pimcore/pull/10178.patch | Patch Third Party Advisory |
https://github.com/pimcore/pimcore/security/advisories/GHSA-2v88-qq7x-xq5f | Patch Third Party Advisory |
https://huntr.dev/bounties/e4cb9cd8-89cf-427c-8d2e-37ca40099bf2/ | Exploit Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2021-09-01T14:10:12
Updated: 2021-09-01T14:10:12
Reserved: 2021-08-16T00:00:00
Link: CVE-2021-39170
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-09-01T14:15:08.023
Modified: 2021-09-09T17:00:02.863
Link: CVE-2021-39170
JSON object: View
Redhat Information
No data.