Pimcore is an open source data and experience management platform. Versions prior to 10.5.19 have an unsecured tooltip field in DataObject class definition. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 10.5.19 or, as a workaround, apply the patch manually.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| pimcore/pimcore(Packagist) | 0 | 10.5.19 | N/A |
CVSS Metrics
