Aryaantony92

**Name of the Vulnerable Software and Affected Versions** pimcore/customer-data-framework versions prior to 3.4.2 **Description** The issue is related to Cross-site Scripting (XSS) - Stored, which can be exploited by an attacker to trick victims into clicking on malicious hyperlinks, potentially leading to damage and unauthorized access to user logins. This can occur through HTML injection in emails, allowing attackers to redirect victims to malicious sites or host XSS pages. **Recommendations** Update to version 3.4.2 or apply the patch manually from https://github.com/pimcore/customer-data-framework/commit/72f45dd537a706954e7a71c99fbe318640e846a2.patch to resolve the issue. As a temporary workaround, consider applying the patch manually to mitigate the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** pimcore/pimcore versions prior to 10.6.4 **Description** The issue is related to Cross-site Scripting (XSS) - Stored, which occurs when an application stores user input without proper validation, allowing attackers to inject malicious scripts. This can lead to unauthorized access or control of user sessions. **Recommendations** For versions prior to 10.6.4, update to version 10.6.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** pimcore/pimcore versions prior to 10.6.4 **Description** The issue is related to Cross-site Scripting (XSS) - Reflected, which can be exploited by a remote attacker to conduct inter-site script attacks. This is due to the lack of protection measures for the web page structure in the PHP platform pimcore. **Recommendations** For versions prior to 10.6.4, update to version 10.6.4 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the web application to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** pimcore/pimcore versions prior to 10.5.21 **Description** The issue is related to Cross-site Scripting (XSS) - DOM, which has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. **Recommendations** Update to version 10.5.21 or apply the patch manually to resolve the issue. As a temporary workaround, consider applying patches manually until the official update is applied.

**Name of the Vulnerable Software and Affected Versions** pimcore/pimcore version 10.5.19 **Description** A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules, specifically in the From and To fields of the Date Range section. This allows an attacker to inject malicious scripts, potentially leading to the execution of arbitrary JavaScript code in the context of the user's browser. The issue can result in stealing cookies or redirecting users to malicious sites. **Recommendations** Update to version 10.5.21 to resolve the issue. As a temporary workaround, consider applying the patch manually from https://github.com/pimcore/pimcore/commit/a4491551967d879141a3fdf0986a9dd3d891abfe.patch to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** pimcore/pimcore versions prior to 10.5.21 **Description** This issue has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. **Recommendations** Update to version 10.5.21 or apply the patch manually. As a temporary workaround, consider applying the patch manually to mitigate the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** pimcore/pimcore versions prior to 10.5.21 **Description** This issue is related to Cross-site Scripting (XSS) - Stored, which has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. **Recommendations** For versions prior to 10.5.21, update to version 10.5.21 or apply the patch manually. As a temporary workaround, consider applying the patch manually until the official update is applied.

**Name of the Vulnerable Software and Affected Versions** pimcore/pimcore versions prior to 10.5.20 **Description** This issue is related to Cross-site Scripting (XSS) - Reflected, which has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. **Recommendations** Update to version 10.5.20 or apply the patch manually. As a temporary workaround, consider applying the patch from https://github.com/pimcore/pimcore/pull/14721.patch manually.

**Name of the Vulnerable Software and Affected Versions** pimcore/pimcore versions prior to 10.5.20 **Description** The issue is related to Cross-site Scripting (XSS) - Generic in the GitHub repository pimcore/pimcore. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. **Recommendations** Update to version 10.5.20 or apply the patch manually from https://github.com/pimcore/pimcore/pull/14721.patch As a temporary workaround, consider applying the patch manually from https://github.com/pimcore/pimcore/pull/14721.patch to minimize the risk of exploitation.