CVE-2023-2730

Name of the Vulnerable Software and Affected Versions pimcore versions prior to 10.3.3

Description The issue is related to stored Cross-site Scripting (XSS) in the GitHub repository pimcore/pimcore. Specifically, it affects the Title field in the SEO & Settings tab of Document. This allows for malicious scripts to be stored and executed when a user accesses the affected page.

Recommendations For versions prior to 10.3.3, update to version 10.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Title field in the SEO & Settings tab of Document to minimize the risk of exploitation.