Overview
- Description: A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore version 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of arbitrary JavaScript code in the context of the user's browser, potentially stealing cookies or redirecting users to malicious sites. The issue is fixed in version 10.5.21.
- Source: security@huntr.dev
- NVD status: Undergoing Analysis
Risk scores
CVSS 3.0
- Type: Secondary
- Base score: 4
- Impact score: 3.4
- Exploitability score: 0.6
- Vector string: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
- Severity: MEDIUM
Weaknesses
- security@huntr.dev: CWE-79
Social media
- Hype score: Not currently trending
CVE-2023-2332 Stored XSS Vulnerability in Pimcore Pricing Rules Before 10.5.21 In versions 10.5.19 of pimcore/pimcore, there is a stored Cross-site Scripting (XSS) vulnerability in the Conditions tab of Pricing R... https://t.co/uKLGDFdKiO
@VulmonFeeds
15 Nov 2024
CVE-2023-2332 A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the… https://t.co/qEeaLhQOAO
@CVEnew
15 Nov 2024