Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-9q7q-r54q-3f3g

GitHub Security Advisory

Cross-site Scripting (XSS) in DataObject Classification Store

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

### Impact
This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites.

### Patches
Update to version 10.5.21 or apply this patch manually https://github.com/pimcore/pimcore/commit/f1d904094700b513c4756904fa2b1e19d08d890e.patch

### Workarounds
Apply patch https://github.com/pimcore/pimcore/commit/f1d904094700b513c4756904fa2b1e19d08d890e.patch manually.

### References
https://huntr.dev/bounties/2fa17227-a717-4b66-ab5a-16bffbb4edb2/

Affected Packages

Packagist pimcore/pimcore
Affected versions: 0 (fixed in 10.5.21)

Related CVEs

CVE-2023-2343

Key Information

GHSA ID
GHSA-9q7q-r54q-3f3g
Published
April 27, 2023 5:11 PM
Last Modified
May 4, 2023 9:44 PM
CVSS Score
5.0 /10
Primary Ecosystem
Packagist
Primary Package
pimcore/pimcore
GitHub Reviewed
✓ Yes

Dataset

Last updated: November 25, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.