Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Pimcore Admin Classic Bundle Cross-site Scripting (XSS) in PDF previews
Vulnerability Description
The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 1.2.0 to receive a patch or, as a workaround, apply the patch manually.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
Web页面中脚本相关HTML标签转义处理不恰当(基本跨站脚本)
Vulnerability Title
Pimcore 安全漏洞
Vulnerability Description
Pimcore是奥地利Pimcore公司的一套开源的用于创建和管理Web应用程序的Web内容管理平台。该平台集成了Web内容管理、电子商务框架和产品信息管理等应用。 Pimcore Admin Classic Bundle 1.2.0之前版本存在安全漏洞,该漏洞源于存在跨站脚本(XSS)漏洞。攻击者可利用该漏洞窃取用户cookie,并通过窃取的cookie获得对该用户帐户的访问权限,或将用户重定向到其他恶意网站。
CVSS Information
N/A
Vulnerability Type
N/A