CVE-2023-2332

CVSS V2 None CVSS V3 None

Description

A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of arbitrary JavaScript code in the context of the user's browser, potentially stealing cookies or redirecting users to malicious sites. The issue is fixed in version 10.5.21.

Overview

CVE ID
CVE-2023-2332

Assigner
@huntr_ai

Vulnerability Status
PUBLISHED

Published Version
2024-11-15T10:57:19.795Z

Last Modified Date
2024-11-15T21:00:49.061Z

Weakness Enumerations

CWE	URL
CWE-79	http://cwe.mitre.org/data/definitions/79.html

References

Reference URL	Reference Tags
https://huntr.com/bounties/e436ed71-6741-4b30-89db-f7f3de4aca2c
https://github.com/pimcore/pimcore/commit/a4491551967d879141a3fdf0986a9dd3d891abfe

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-2332
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2332

History

Created	Old Value	New Value	Data Type	Notes
2024-11-16 13:01:41				Added to TrackCVE