cve/CVE-2021-39170.md at 8f32eec229df5ac6033987f6cf2822bfcb07c2e0

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-12-30 04:49:42 +00:00

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

Pimcore is an open source data & experience management platform. Prior to version 10.1.2, an authenticated user could add XSS code as a value of custom metadata on assets. There is a patch for this issue in Pimcore version 10.1.2. As a workaround, users may apply the patch manually.

POC

Reference

https://huntr.dev/bounties/e4cb9cd8-89cf-427c-8d2e-37ca40099bf2/

Github

No PoCs found on GitHub currently.

829 B Raw Blame History

CVE-2021-39170

Description

POC

Reference

Github

829 B

Raw Blame History