Pimcore 10.5.19 XSS in Pricing Rules Conditions Tab (To/From Date)
CVE-2023-2332 Published on November 15, 2024
Stored Cross-site Scripting (XSS) in pimcore/pimcore
A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of arbitrary JavaScript code in the context of the user's browser, potentially stealing cookies or redirecting users to malicious sites. The issue is fixed in version 10.5.21.
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2023-2332 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2023-2332
Want to know whenever a new CVE is published for Pimcore? stack.watch will email you.
Affected Versions
pimcore/pimcore:- Version unspecified and below 10.5.21 is affected.
- Before 10.5.21 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.