CVE-2021-39170

Cross-site Scripting in packagist/pimcore/pimcore

Identifier

CVE-2021-39170

Package Slug

packagist/pimcore/pimcore

Vulnerability

Cross-site Scripting

Description

Pimcore is an open source data & experience management platform. An authenticated user could add XSS code as a value of custom metadata on assets. There is a patch for this issue in Pimcore As a workaround, users may apply the patch manually.

Affected Versions

All versions before 10.1.2

Solution

Upgrade to version 10.1.2 or above.

Last Modified

2021-09-10

source