CVE-2023-2361: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

April 28, 2023 (updated May 4, 2023)

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.

References

github.com/advisories/GHSA-9xg6-75mh-7x3f
github.com/pimcore/pimcore/commit/6970649f5d3790a1db9ef4324bece0d4cb95366a
github.com/pimcore/pimcore/security/advisories/GHSA-9xg6-75mh-7x3f
huntr.dev/bounties/24d91b83-c3df-48f5-a713-9def733f2de7
nvd.nist.gov/vuln/detail/CVE-2023-2361

Code Behaviors & Features

Detect and mitigate CVE-2023-2361 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →