CVE-2023-28429 in pimcore情報

要約

〜によって MITRE • 2023年03月20日

Pimcore is an open source data and experience management platform. Versions prior to 10.5.19 have an unsecured tooltip field in DataObject class definition. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 10.5.19 or, as a workaround, apply the patch manually.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

責任者

GitHub, Inc.

予約する

2023年03月15日

公開

2023年03月20日

モデレーション

承諾済み

エントリ

VDB-223430

CPE

準備完了

CWE

CWE-79 (確認済み)

CVSS

6.1 (CNA)

EPSS

0.00012

KEV

いいえ

アクティビティ

非常低い

ソース

MITRE	https://www.cve.org/CVERecord?id=CVE-2023-28429
NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-28429
CVE Details	https://www.cvedetails.com/cve/CVE-2023-28429/

◂ 前概要次 ▸

Do you need the next level of professionalism?

Upgrade your account now!