An attacker can use XSS to send a malicious script to an unsuspecting user.
Update to version 10.5.19 or apply this patch manually https://github.com/pimcore/pimcore/pull/14669.patch
Apply https://github.com/pimcore/pimcore/pull/14669.patch manually.
https://huntr.dev/bounties/fa77d780-9b23-404b-8c44-12108881d11a
{ "nvd_published_at": "2023-03-16T17:15:00Z", "github_reviewed_at": "2023-03-17T14:43:35Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-79" ] }