What is the vulnerability ID of this vulnerability?

The vulnerability ID is CVE-2023-2340.

What is the impact of the CVE-2023-2340 vulnerability?

The CVE-2023-2340 vulnerability allows an attacker to steal user session cookies, leading to a complete account takeover.

How can I fix the CVE-2023-2340 vulnerability?

To fix the CVE-2023-2340 vulnerability, update to version 10.5.21 of the pimcore/pimcore package or apply the patch manually.

What is the severity of the CVE-2023-2340 vulnerability?

The severity of the CVE-2023-2340 vulnerability is medium with a CVSS score of 5.4.

Where can I get more information about the CVE-2023-2340 vulnerability?

You can find more information about the CVE-2023-2340 vulnerability at the following references: [link1], [link2], [link3].

Vulnerability/
CVE-2023-2340

medium

6.1

CWE

27/4/2023

2/8/2024

CVE-2023-2340: Cross-site Scripting (XSS) - Stored in pimcore/pimcore

First published: Thu Apr 27 2023(Updated: )

### Impact The attacker is capable to stolen the user session cookie. it will leads to complete account takeover. ### Patches Update to version 10.5.21 or apply this patch manually https://github.com/pimcore/pimcore/commit/aa38319e353cc3cdfac12e03e21ed7a8f3628d3e.patch ### Workarounds Apply patch https://github.com/pimcore/pimcore/commit/aa38319e353cc3cdfac12e03e21ed7a8f3628d3e.patch manually. ### References https://huntr.dev/bounties/964762b0-b4fe-441c-81e1-0ebdbbf80f3b/

Credit: security@huntr.dev security@huntr.dev

Affected Software	Affected Version	How to fix
composer/pimcore/pimcore	<10.5.21	10.5.21
Pimcore Pimcore	<10.5.21

Remedy

https://github.com/pimcore/pimcore/commit/aa38319e353cc3cdfac12e03e21ed7a8f3628d3e

Remedy

https://huntr.dev/bounties/964762b0-b4fe-441c-81e1-0ebdbbf80f3b

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2023-2340.
What is the impact of the CVE-2023-2340 vulnerability?
The CVE-2023-2340 vulnerability allows an attacker to steal user session cookies, leading to a complete account takeover.
How can I fix the CVE-2023-2340 vulnerability?
To fix the CVE-2023-2340 vulnerability, update to version 10.5.21 of the pimcore/pimcore package or apply the patch manually.
What is the severity of the CVE-2023-2340 vulnerability?
The severity of the CVE-2023-2340 vulnerability is medium with a CVSS score of 5.4.
Where can I get more information about the CVE-2023-2340 vulnerability?
You can find more information about the CVE-2023-2340 vulnerability at the following references: [link1], [link2], [link3].

collector/github-advisory-latest
alias/GHSA-g93x-fm2w-5pxw
alias/CVE-2023-2340
collector/github-advisory
collector/nvd-index
collector/nvd-cve
agent/author
agent/type
agent/remedy
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/references
agent/weakness
agent/title
agent/last-modified-date
agent/event
agent/tags
agent/first-publish-date
agent/description
package-manager/composer
vendor/pimcore
canonical/pimcore pimcore

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.