What is the severity of CVE-2023-2332?

CVE-2023-2332 is considered a high severity vulnerability due to its potential to steal user cookies and allow unauthorized access to accounts.

How do I fix CVE-2023-2332?

To fix CVE-2023-2332, update your Pimcore installation to version 10.5.21 or apply the provided manual patch.

Which versions of Pimcore are affected by CVE-2023-2332?

CVE-2023-2332 affects Pimcore versions 10.5.19 and below.

What type of attack can CVE-2023-2332 enable?

CVE-2023-2332 can enable cookie theft attacks, allowing attackers to gain unauthorized access to users' accounts.

Is CVE-2023-2332 actively being exploited?

While there is no public indication of active exploitation for CVE-2023-2332, it is advisable to apply security updates immediately.

Vulnerability/
CVE-2023-2332

medium

4.8

CWE

27/4/2023

15/11/2024

19/11/2024

CVE-2023-2332: Stored Cross-site Scripting (XSS) in pimcore/pimcore

First published: Thu Apr 27 2023(Updated: )

### Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. ### Patches Update to version 10.5.21 or apply this patch manually https://github.com/pimcore/pimcore/commit/a4491551967d879141a3fdf0986a9dd3d891abfe.patch ### Workarounds Apply patch https://github.com/pimcore/pimcore/commit/a4491551967d879141a3fdf0986a9dd3d891abfe.patch manually. ### References https://huntr.dev/bounties/e436ed71-6741-4b30-89db-f7f3de4aca2c/

Credit: security@huntr.dev security@huntr.dev

Affected Software	Affected Version	How to fix
composer/pimcore/pimcore	<10.5.21	10.5.21
Pimcore E-commerce Framework	=10.5.19

Remedy

https://github.com/pimcore/pimcore/commit/a4491551967d879141a3fdf0986a9dd3d891abfe

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-2332?
CVE-2023-2332 is considered a high severity vulnerability due to its potential to steal user cookies and allow unauthorized access to accounts.
How do I fix CVE-2023-2332?
To fix CVE-2023-2332, update your Pimcore installation to version 10.5.21 or apply the provided manual patch.
Which versions of Pimcore are affected by CVE-2023-2332?
CVE-2023-2332 affects Pimcore versions 10.5.19 and below.
What type of attack can CVE-2023-2332 enable?
CVE-2023-2332 can enable cookie theft attacks, allowing attackers to gain unauthorized access to users' accounts.
Is CVE-2023-2332 actively being exploited?
While there is no public indication of active exploitation for CVE-2023-2332, it is advisable to apply security updates immediately.

agent/title
agent/weakness
agent/type
collector/github-advisory-latest
source/GitHub
alias/GHSA-r7mm-jx6h-hv7m
alias/CVE-2023-2332
agent/software-canonical-lookup
agent/references
agent/description
agent/first-publish-date
agent/author
collector/mitre-cve
source/MITRE
agent/severity
agent/remedy
agent/last-modified-date
agent/softwarecombine
agent/event
collector/github-advisory
agent/trending
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup-request
collector/nvd-cve
package-manager/composer
vendor/pimcore
canonical/pimcore e-commerce framework
version/pimcore e-commerce framework/10.5.19

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.