GHSA-wqr6-57qm-hhr5

GitHub Security Advisory

Pimcore vulnerable to cross site scripting

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can perform any action within the application that the user can perform; view any information that the user is able to view; modify any information that the user is able to modify; and/or initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user. A patch for this issue is available at commit 1e916e7d668c9e47b217e20cc0ea4812f466201b and is anticipated to be part of version 10.5.7.

Affected Packages

Packagist pimcore/pimcore
Affected versions: 0 (fixed in 10.5.7)

Key Information

GHSA ID: GHSA-wqr6-57qm-hhr5
Published: September 22, 2022 12:00 AM
Last Modified: September 23, 2022 1:56 PM
CVSS Score: 5.0/10
Primary Ecosystem: Packagist
Primary Package: pimcore/pimcore
GitHub Reviewed: ✓ Yes

Dataset

Last updated: November 26, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.