CVE-2023-2730

MEDIUM5.4EPSS 0.01%

Pimcore Cross-site Scripting vulnerability

Published: 5/16/2023Modified: 2/16/2024
Also known as:GHSA-q3p4-v2cm-q945

Description

Pimcore prior to 10.3.3 is vulnerable to stored cross-site scripting at the `Title field` in `SEO & Settings` tab of `Document`.

Affected packages (1)

CVSS scores

SourceVersionSeverityVector
osvCVSS 3.1MEDIUM5.4CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References (4)

CVE-2023-2730 — Pimcore Cross-site Scripting vulnerability · VulnScope