XSS Injection at pimcore/pimcore

 

 

XSS Injection at pimcore/pimcore - CVE-2018-14059

Overview

Multiple stored cross-site scripting vulnerabilities have been identified across multiple functions in the application, which allows an authenticated attacker to insert arbitrary JavaScript code in virtually all text fields and data entries in the application.

Remediation

Update to "pimcore/pimcore": "v5.3.0"

Reference

Ready to be protected?

14 days trial , No credit card upfront , Risk free