This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites.
Update to version 10.5.20 or apply this patch manually https://github.com/pimcore/pimcore/pull/14732.patch
Apply https://github.com/pimcore/pimcore/pull/14732.patch manually.
https://huntr.dev/bounties/84419c7b-ae29-401b-bdfd-5d0c498d320f/
{ "nvd_published_at": null, "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-03-31T16:23:49Z" }