Cross-site Scripting (XSS) - Reflected in pimcore/pimcore
CVE-2023-4453

6.4MEDIUM

Key Information:

Vendor: Pimcore
Status: Pimcore/pimcore
Vendor: CVE Published:; 21 August 2023

Summary

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8.

Affected Version(s)

pimcore/pimcore < 10.6.8

References

https://huntr.dev/bounties/245a8785-0fc0-4561-b181-fa20f8...

https://github.com/pimcore/pimcore/commit/234c0c02ea75020...

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 21, 2023
Vulnerability Reserved
Aug 21, 2023

.