New assessment for topic: CVE-2022-0510

Topic description: "Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore prior to 10.3.1. ..."

"Missing Sanitization of `$item->getGroup()` (lines 864 and 1269) in `fieldcollectionTreeAction/objectbrickTreeAction` functions in `bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php` allows Admin User to perform Source Code Injection through Stored Group Fields (in Object Bricks/Field Collection under settings module) resulting in Information Exposure (cookie theft). ..."

Link: https://attackerkb.com/assessments/cd11e0f9-6a68-4d14-b233-1fa6126daceb