CVE-2023-28850

Опубликовано: 03 апр. 2023

Источник: nvd

CVSS3: 6.1

CVSS3: 5.4

EPSS Низкий

Описание

Pimcore Perspective Editor provides an editor for Pimcore that allows users to add/remove/edit custom views and perspectives. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Version 1.5.1 has a patch. As a workaround, one may apply the patch manually.

Ссылки

https://github.com/pimcore/perspective-editor/pull/121.patch
Mailing List
Patch
https://github.com/pimcore/perspective-editor/security/advisories/GHSA-fq8q-55v3-2986
Exploit
Patch
Vendor Advisory
https://huntr.dev/bounties/5529f51e-e40f-46f1-887b-c9dbebab4f06/
Exploit
Issue Tracking
Patch
Third Party Advisory
https://github.com/pimcore/perspective-editor/pull/121.patch
Mailing List
Patch
https://github.com/pimcore/perspective-editor/security/advisories/GHSA-fq8q-55v3-2986
Exploit
Patch
Vendor Advisory
https://huntr.dev/bounties/5529f51e-e40f-46f1-887b-c9dbebab4f06/
Exploit
Issue Tracking
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pimcore:perspective_editor:*:*:*:*:*:*:*:*

Версия до 1.5.1 (исключая)

EPSS

Процентиль: 8%

0.00028

Низкий

6.1 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-fq8q-55v3-2986

CVSS3: 6.1

github

почти 3 года назад

Pimcore Perspective Editor vulnerable to stored cross-site scripting (XSS) in perspective name

EPSS

Процентиль: 8%

0.00028

Низкий

6.1 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79