CVE-2023-28429: Pimcore has Cross-site Scripting vulnerability in DataObject tooltip field
First published: Mon Mar 20 2023(Updated: )
Pimcore is an open source data and experience management platform. Versions prior to 10.5.19 have an unsecured tooltip field in DataObject class definition. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 10.5.19 or, as a workaround, apply the patch manually.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pimcore Pimcore | <10.5.19 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Pimcore vulnerability?
The vulnerability ID for this Pimcore vulnerability is CVE-2023-28429.
What is Pimcore?
Pimcore is an open source data and experience management platform.
What is the severity of CVE-2023-28429?
The severity of CVE-2023-28429 is medium with a CVSS score of 6.1.
What is the affected software version range of CVE-2023-28429?
Versions prior to 10.5.19 of Pimcore are affected by CVE-2023-28429.
How can the vulnerability in Pimcore be exploited?
The vulnerability in Pimcore allows an attacker to steal a user's cookie and potentially gain unauthorized access to their account.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/weakness
- agent/title
- agent/references
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/pimcore
- canonical/pimcore pimcore