Pimcore is an open source data and experience management platform. Versions before 10.5.19 have an unsecured tooltip field in DataObject class definition. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 10.5.19 or, as a workaround, apply the patch manually.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pimcore pimcore |