CVE-2021-39170: Cross-site Scripting

September 1, 2021 (updated September 9, 2021)

Pimcore is an open source data & experience management platform. An authenticated user could add XSS code as a value of custom metadata on assets. There is a patch for this issue in Pimcore As a workaround, users may apply the patch manually.

References

nvd.nist.gov/vuln/detail/CVE-2021-39170

Code Behaviors & Features

Detect and mitigate CVE-2021-39170 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →