GHSA-xr3m-6gq6-22cg: Pimcore Authenticated Stored Cross-Site Scripting (XSS) Via Search Document

January 28, 2025 (updated January 29, 2025)

A Stored Cross-Site Scripting (XSS) vulnerability in PIMCORE allows remote attackers to inject arbitrary web script or HTML via the PDF upload functionality. This can result in the execution of malicious scripts in the context of the user’s browser when the PDF is viewed, leading to potential session hijacking, defacement of web pages, or unauthorized access to sensitive information.

References

github.com/advisories/GHSA-xr3m-6gq6-22cg
github.com/pimcore/pimcore
github.com/pimcore/pimcore/security/advisories/GHSA-xr3m-6gq6-22cg

Code Behaviors & Features

Detect and mitigate GHSA-xr3m-6gq6-22cg with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →