CVE-2023-46722

Name of the Vulnerable Software and Affected Versions Pimcore Admin Classic Bundle versions prior to 1.2.0

Description A cross-site scripting issue has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. This can be achieved by uploading a malicious file, such as a PDF with an XSS payload, to the /admin area of the application, specifically through the "Documents" section by going to home, clicking on Sample Content, and then clicking on the Document folder.

Recommendations For versions prior to 1.2.0, upgrade to version 1.2.0 to receive a patch. As a temporary workaround for versions prior to 1.2.0, apply the patch manually.