CVE-2019-18656

Description

Pimcore 6prior to 6.3.0 has XSS in the translations grid because `bundles/AdminBundle/Resources/public/js/pimcore/settings/translations.js` mishandles certain HTML elements.

Affected packages (1)

• Packagist/pimcore/pimcorefrom 0, < 6.3.0

CVSS scores

References (3)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-18656
• PATCHhttps://github.com/pimcore/pimcore
• WEBhttps://github.com/pimcore/pimcore/commit/ca036e9f86bb5cdb3dac0930ec131e5f35e26c5f