CVE-2023-28106: XSS
First published: Thu Mar 16 2023(Updated: )
Pimcore is an open source data and experience management platform. Prior to version 10.5.19, an attacker can use cross-site scripting to send a malicious script to an unsuspecting user. Users may upgrade to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pimcore Pimcore | <10.5.19 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-28106?
CVE-2023-28106 is a vulnerability in the Pimcore open-source data and experience management platform that allows for cross-site scripting attacks.
What is the severity of CVE-2023-28106?
CVE-2023-28106 has a severity rating of medium with a CVSS score of 4.8.
How can an attacker exploit CVE-2023-28106?
An attacker can exploit CVE-2023-28106 by sending a malicious script to an unsuspecting user through cross-site scripting.
How can I fix CVE-2023-28106?
To fix CVE-2023-28106, users can upgrade to version 10.5.19 of Pimcore to receive the patch or manually apply the patch as a workaround.
Where can I find more information about CVE-2023-28106?
More information about CVE-2023-28106 can be found in the references provided: [Link 1](https://github.com/pimcore/pimcore/commit/c59d0bf1d03a5037b586fe06230694fa3818dbf2), [Link 2](https://github.com/pimcore/pimcore/pull/14669.patch), [Link 3](https://github.com/pimcore/pimcore/security/advisories/GHSA-x5j3-mq9g-8jc8).
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/type
- vendor/pimcore
- canonical/pimcore pimcore