{"id":"CVE-2019-18982","details":"bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header.","aliases":["GHSA-m4x3-xmjv-r778"],"modified":"2026-03-14T09:34:46.069314Z","published":"2019-11-15T05:15:12.893Z","references":[{"type":"FIX","url":"https://github.com/pimcore/pimcore/commit/e0b48faf7d29ce43a98825a0b230e88350ebcf78"},{"type":"FIX","url":"https://github.com/pimcore/pimcore/compare/v6.2.3...v6.3.0"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pimcore/pimcore","events":[{"introduced":"8e2c939c08df3c35d46a812afbe72af25ad16bbb"},{"fixed":"15e5c0c9836a2a6700f9aeb489b5999790db2c68"},{"fixed":"e0b48faf7d29ce43a98825a0b230e88350ebcf78"}],"database_specific":{"versions":[{"introduced":"6.0.0"},{"fixed":"6.3.0"}]}}],"versions":["v6.0.0","v6.0.1","v6.0.2","v6.0.3","v6.0.4","v6.0.5","v6.1.0","v6.1.1","v6.1.2","v6.2.0","v6.2.1","v6.2.2","v6.2.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-18982.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}