pimcore is vulnerable to cross-site scripting in Composite indices key field
Description
Published to the GitHub Advisory Database
Apr 4, 2023
Reviewed
Apr 4, 2023
Last updated
Apr 4, 2023
Impact
Pimcore is vulnerable to Cross site scripting vulnerability in classes module.
Patches
Update to version 10.5.20.
Workarounds
Apply the patch https://github.com/pimcore/pimcore/commit/765832f0dc5f6cfb296a82e089b701066f27bcef.patch manually.
References