CVE-2021-39166

Cross-site Scripting in packagist/pimcore/pimcore

Identifier

CVE-2021-39166

Package Slug

packagist/pimcore/pimcore

Vulnerability

Cross-site Scripting

Description

Text-values were not properly escaped before printed in the version preview. This allowed XSS by authenticated users with access to the resources. This issue is patched in Pimcore

Affected Versions

All versions before 10.1.2

Solution

Upgrade to version 10.1.2 or above.

Last Modified

2021-09-10

source