Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-cjv6-w5hf-5wr6

GitHub Security Advisory

Cross-site Scripting (XSS) in Ecommerce Pricing Rules name field

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

### Impact
This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites.

### Patches
Update to version 10.5.21 or apply this patch manually https://github.com/pimcore/pimcore/commit/e88fa79de7b5903fb58ddbc231130b04d937d79e.patch

### Workarounds
Apply patch https://github.com/pimcore/pimcore/commit/e88fa79de7b5903fb58ddbc231130b04d937d79e.patch manually.

### References
https://huntr.dev/bounties/41edf190-f6bf-4a29-a237-7ff1b2d048d3/

Affected Packages

Packagist pimcore/pimcore
Affected versions: 0 (fixed in 10.5.21)

Related CVEs

CVE-2023-2323

Key Information

GHSA ID
GHSA-cjv6-w5hf-5wr6
Published
April 27, 2023 7:36 PM
Last Modified
April 27, 2023 7:36 PM
CVSS Score
5.0 /10
Primary Ecosystem
Packagist
Primary Package
pimcore/pimcore
GitHub Reviewed
✓ Yes

Dataset

Last updated: November 26, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.