The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability could allow an attacker to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie, or to redirect users to other malicious sites. Users should upgrade to version 1.2.0 to receive a patch or, as a workaround, apply the patch manually.
Reserved 2023-10-25 | Published 2023-10-31 | Updated 2024-09-05 | Assigner GitHub_M
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
github.com/...bundle/security/advisories/GHSA-jfxw-6c5v-c42f
github.com/...ommit/19fda2e86557c2ed4978316104de5ccdaa66d8b9
github.com/...ommit/757375677dc83a44c6c22f26d97452cc5cda5d7c