GMS-2023-779: Reflected XSS in Application Logger module

March 16, 2023

Impact

This vulnerability has the potential to steal a user’s cookie and gain unauthorized access to that user’s account through the stolen cookie or redirect users to other malicious sites.

Patches

Update to version 10.5.19 or apply this patch manually https://github.com/pimcore/pimcore/pull/14606.patch

Workarounds

Apply https://github.com/pimcore/pimcore/pull/14606.patch manually.

References

https://huntr.dev/bounties/2a64a32d-b1cc-4def-91da-18040d59f356/

References

github.com/advisories/GHSA-2xpm-cmvw-3jcc
github.com/pimcore/pimcore/security/advisories/GHSA-2xpm-cmvw-3jcc

Detect and mitigate GMS-2023-779 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →