GHSA-xr3m-6gq6-22cg: Pimcore Authenticated Stored Cross-Site Scripting (XSS) Via Search Document
A Stored Cross-Site Scripting (XSS) vulnerability in Pimcore allows remote attackers to inject arbitrary web script or HTML via the PDF upload functionality. This can result in the execution of malicious scripts in the context of the user’s browser when the PDF is viewed, leading to potential session hijacking, defacement of web pages, or unauthorized access to sensitive information.