Pimcore.Key.Field.Stored.XSS
Description
This indicates an attack attempt to exploit a Cross-Site Scripting Vulnerability in Pimcore.
This vulnerability is due to improper input validation for the Key field in the Navigation and Properties tab. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary script execution in the context of the victim's browser.
Affected Products
Pimcore Pimcore prior to 10.3.3
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://github.com/pimcore/pimcore/commit/e786fd44aac46febdbf916ed6c328fbe645d80bf
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |