CVE-2023-28429 in pimcoreinfo

Zusammenfassung

von MITRE • 20.03.2023

Pimcore is an open source data and experience management platform. Versions prior to 10.5.19 have an unsecured tooltip field in DataObject class definition. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 10.5.19 or, as a workaround, apply the patch manually.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

GitHub, Inc.

Reservieren

15.03.2023

Veröffentlichung

20.03.2023

Moderieren

akzeptiert

Eintrag

VDB-223430

CPE

bereit

CWE

CWE-79 (bestätigt)

CVSS

6.1 (CNA)

EPSS

0.00012

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2023-28429
NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-28429
CVE Details	https://www.cvedetails.com/cve/CVE-2023-28429/

◂ Zurück Übersicht Weiter ▸

Might our Artificial Intelligence support you?

Check our Alexa App!