First published: Fri Nov 29 2024
### Impact

The Content name pattern is used to build Content names from one or more fields. An XSS vulnerability has been found in this mechanism. Content edit permission is required to exploit it. After the fix, any existing injected XSS will not run.

### Patches

- See "Patched versions".
- https://github.com/ibexa/admin-ui/commit/8ec824a8cf06c566ed88e4c21cc66f7ed42649fc

### Workarounds

None.

### References

- Advisory: https://developers.ibexa.co/security-advisories/ibexa-sa-2024-006-vulnerabilities-in-content-name-pattern-commerce-shop-and-varnish-vhost-templates
- Release notes: https://doc.ibexa.co/en/latest/update_and_migration/from_4.6/update_from_4.6/#v4614
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/ibexa/admin-ui | >=4.6.0, <4.6.14 | 4.6.14 |
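
To check a deployment against the range in the table above, the following added example (not part of the advisory or of Ibexa's code) reads a `composer.lock` and classifies the locked `ibexa/admin-ui` version. The sample lock content is constructed, and the status names are this example's own; versions carrying a suffix or branch alias are reported as unknown rather than guessed.

```python
import json
import re

PACKAGE = "ibexa/admin-ui"   # package named in the advisory table
AFFECTED_FROM = (4, 6, 0)    # inclusive lower bound from the table
FIXED_IN = (4, 6, 14)        # first patched release from the table


def parse_version(raw):
    """Return (major, minor, patch) for plain tags such as 'v4.6.13'.

    Branch aliases ('dev-main') and suffixed tags ('4.6.14-rc1') return
    None so that the caller reports them instead of guessing."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", raw.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def check_lock(lock_text):
    """Classify a composer.lock document against the advisory's range.

    Returns (status, version). status is 'in-range', 'outside-range',
    'unknown' (version not comparable) or 'absent' (package not locked)."""
    lock = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name") != PACKAGE:
                continue
            raw = pkg.get("version", "")
            ver = parse_version(raw)
            if ver is None:
                return "unknown", raw
            hit = AFFECTED_FROM <= ver < FIXED_IN
            return ("in-range" if hit else "outside-range"), raw
    return "absent", None


# Constructed sample lock file, not taken from a real project.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "ibexa/core", "version": "v4.6.13"},
        {"name": "ibexa/admin-ui", "version": "v4.6.13"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK))
```

An `unknown` result needs a manual look at the installed commit, since a branch alias or pre-release tag says nothing about whether the patch commit is included.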