First published: Wed Sep 01 2021
Pimcore is an open source data & experience management platform. Prior to version 10.1.2, text values were not properly escaped before being printed in the version preview. This allowed XSS by authenticated users with access to those resources. This issue is patched in Pimcore version 10.1.2.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pimcore Pimcore | <10.1.2 | Upgrade to Pimcore 10.1.2 or later |
CVE-2021-39166 has a moderate severity due to the potential for XSS attacks by authenticated users.
To remediate CVE-2021-39166, upgrade to Pimcore version 10.1.2 or later.
Anyone running a Pimcore version prior to 10.1.2 that grants authenticated users access to the affected resources is affected.
CVE-2021-39166 is an XSS (Cross-Site Scripting) vulnerability.
The impact of CVE-2021-39166 is that it permits authenticated users to inject malicious scripts into the version preview.
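The bug class behind this advisory is missing output escaping: a stored text value is written into the version preview's HTML as-is, so any markup in it is interpreted by the browser. The following PHP is an added illustration, not Pimcore's own code; the function names, the shape of the `$version` array and the sample values are assumptions. It renders a minimal preview table twice, once the vulnerable way and once with every value escaped for the HTML context, and includes a crude check a reviewer can run over rendered output.

```php
<?php
// Added example (not Pimcore's code): a minimal "version preview" renderer that
// prints stored text values into HTML. First the pre-10.1.2 bug class from the
// advisory (value concatenated raw), then the hardened form (every value escaped).
// renderVersionPreview*(), escapeHtml(), containsRawTag() and the $version array
// are assumptions made for this example.

declare(strict_types=1);

/** Vulnerable: field names and values are interpolated into markup unescaped. */
function renderVersionPreviewUnescaped(array $version): string
{
    $html = "<table class=\"version-preview\">\n";
    foreach ($version as $field => $value) {
        $html .= "<tr><td>{$field}</td><td>{$value}</td></tr>\n";
    }
    return $html . "</table>\n";
}

/** Escape a string for insertion into HTML text or attribute content. */
function escapeHtml(string $s): string
{
    // ENT_QUOTES also escapes single quotes, so the result is safe inside attribute
    // values; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning "", which
    // would otherwise silently drop the whole value.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Hardened: every field name and value is escaped before it reaches the markup. */
function renderVersionPreviewEscaped(array $version): string
{
    $html = "<table class=\"version-preview\">\n";
    foreach ($version as $field => $value) {
        $html .= '<tr><td>' . escapeHtml((string) $field) . '</td><td>'
               . escapeHtml((string) $value) . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

/** Crude review check: does a raw tag from the input survive in the rendered HTML? */
function containsRawTag(string $html, string $tag): bool
{
    return stripos($html, '<' . $tag) !== false;
}

// Constructed sample: a saved object version whose text field carries markup,
// the kind of value an authenticated editor could store before the fix.
$version = [
    'title'       => 'Product name',
    'description' => '<script>alert(1)</script> plain text',
];

$unsafe = renderVersionPreviewUnescaped($version);
$safe   = renderVersionPreviewEscaped($version);

assert(containsRawTag($unsafe, 'script'));  // the browser would execute this
assert(!containsRawTag($safe, 'script'));   // rendered as the literal text &lt;script&gt;
echo $safe;
```

In a Twig-based application the same outcome is normally reached by leaving autoescaping on and avoiding the `raw` filter on user-controlled values; the escaping has to match the context (HTML body, attribute, JavaScript, URL) the value is printed into, and `htmlspecialchars` as used above covers only HTML text and attribute content.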