This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites.
Update to version 10.5.20 or apply this patch manually https://github.com/pimcore/pimcore/pull/14721.patch
Apply https://github.com/pimcore/pimcore/pull/14721.patch manually.
https://huntr.dev/bounties/64f943c4-68e5-4ef8-82f6-9c4abe928256/
{ "nvd_published_at": null, "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-03-31T17:17:04Z" }