CVE-2019-18982

pimcore/pimcore

on github

Published

November 15, 2019

Severity

CVSS v3:

6.1 MEDIUM

CVSS v2:

4.3 MEDIUM

Description

bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header.

References

https://github.com/pimcore/pimcore/commit/e0b48faf7d29ce43a98825a0b230e88350ebcf78
https://github.com/pimcore/pimcore/compare/v6.2.3...v6.3.0

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:pimcore:pimcore::::::::	6.0.0 (including)	6.3.0	*

External Links

NVD - CVE-2019-18982