PT-2023-22007 · Pimcore · Pimcore Perspective Editor

Cupc4K3

Publicado

2023-04-03

Atualizado

2023-04-12

CVE-2023-28850

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Pimcore Perspective Editor versions prior to 1.5.1

Description This issue has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites.

Recommendations For versions prior to 1.5.1, update to version 1.5.1 to resolve the issue. As a temporary workaround for versions prior to 1.5.1, apply the patch manually.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2023-28850

GHSA-FQ8Q-55V3-2986

Produtos afetados

Pimcore Perspective Editor

PT-2023-22007 · Pimcore · Pimcore Perspective Editor

CVE-2023-28850

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9