{"id":"CVE-2022-0256","summary":"Cross-site Scripting (XSS) - Stored in pimcore/pimcore","details":"pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","aliases":["GHSA-57hg-26h7-9qgv"],"modified":"2026-03-20T11:45:38.184904Z","published":"2022-01-17T15:10:09Z","database_specific":{"cna_assigner":"@huntrdev","cwe_ids":["CWE-79"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/0xxx/CVE-2022-0256.json"},"references":[{"type":"WEB","url":"https://huntr.dev/bounties/8d88e48a-7124-4aaf-9f1d-6cfe4f9a79c1"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/0xxx/CVE-2022-0256.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0256"},{"type":"FIX","url":"https://github.com/pimcore/pimcore/commit/dff1cb0c466abcd55f1268934de3ed937b7436a7"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pimcore/pimcore","events":[{"introduced":"0"},{"fixed":"dff1cb0c466abcd55f1268934de3ed937b7436a7"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-0256.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}