
GHSA-fq8q-55v3-2986

Published: 03 Apr 2023
Source: github
GitHub: Reviewed
CVSS3: 6.1

Description

Pimcore Perspective Editor vulnerable to stored cross-site scripting (XSS) in perspective name

Impact

An attacker can exploit this vulnerability to steal a user's cookie and use the stolen cookie to gain unauthorized access to that user's account, or to redirect users to other malicious sites.

Patches

Update to version 1.5.1.

Workarounds

Apply the patch https://github.com/pimcore/perspective-editor/pull/121.patch manually.

Packages

Name: pimcore/perspective-editor (composer)
Affected versions: < 1.5.1
Fixed version: 1.5.1

EPSS

Percentile: 8%
0.00028
Low

CVSS3: 6.1 Medium

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 6.1
nvd
almost 3 years ago

Pimcore Perspective Editor provides an editor for Pimcore that allows users to add/remove/edit custom views and perspectives. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Version 1.5.1 has a patch. As a workaround, one may apply the patch manually.
