PT-2023-2088 · Pimcore · Pimcore

Published: 2023-02-27 · Updated: 2023-03-04 · CVE-2023-1116

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: pimcore/pimcore versions prior to 10.5.18

Description: The issue is a stored Cross-site Scripting (XSS) vulnerability in the pimcore/pimcore GitHub repository. It is located in the blacklistAction() function, which fails to protect the structure of the web page when processing email addresses. An attacker can exploit this vulnerability to execute arbitrary JavaScript in a victim's browser, potentially stealing cookie information and hijacking user sessions.

Recommendations: For versions prior to 10.5.18, update to version 10.5.18. If updating is not immediately possible, apply the patch manually from https://github.com/pimcore/pimcore/pull/14467.patch as a temporary workaround to mitigate the risk of exploitation.
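To make the defect class concrete, the following is an added Python illustration (not Pimcore's code and not the actual blacklistAction() implementation): a blacklist row rendered by interpolating the stored address into HTML unescaped, beside a hardened renderer that escapes on output and an input-side syntax check for the address. The sample entries are constructed.

```python
import html
import re

# Constructed sample data: one legitimate entry and one whose stored
# "address" carries markup, which is what a stored XSS relies on.
BLACKLIST_ENTRIES = [
    {"id": 1, "address": "bounce@example.com"},
    {"id": 2, "address": "<b>injected</b>@example.com"},
]

# Loose syntactic check for an address (hypothetical; not Pimcore's rule).
# Anything containing angle brackets or quotes fails it.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def render_row_vulnerable(entry):
    """The defect: the stored value is dropped straight into the markup,
    so any tags it contains become part of the page structure."""
    return f'<tr><td>{entry["id"]}</td><td>{entry["address"]}</td></tr>'


def render_row_hardened(entry):
    """Output encoding: every HTML-significant character in the value is
    escaped, so it is displayed as text and cannot alter the page."""
    safe = html.escape(entry["address"], quote=True)
    return f'<tr><td>{entry["id"]}</td><td>{safe}</td></tr>'


def is_valid_address(address):
    """Input-side check: only store values that look like an address.
    This is defence in depth; output escaping is still required."""
    return EMAIL_RE.fullmatch(address) is not None


def render_table(entries, row_renderer):
    """Builds the full table with the given row renderer."""
    return "<table>" + "".join(row_renderer(e) for e in entries) + "</table>"


if __name__ == "__main__":
    print(render_table(BLACKLIST_ENTRIES, render_row_vulnerable))
    print(render_table(BLACKLIST_ENTRIES, render_row_hardened))
```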

Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers:
BDU:2023-01822
CVE-2023-1116
GHSA-96HP-38WX-J3WC

Affected Products:
Pimcore