Vulnerability Description
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can: Perform any action within the application that the user can perform. View any information that the user is able to view. Modify any information that the user is able to modify. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pimcore | Pimcore | < 10.5.7 |
Related Weaknesses (CWE)
References
- https://github.com/pimcore/pimcore/commit/1e916e7d668c9e47b217e20cc0ea4812f46620PatchThird Party Advisory
- https://huntr.dev/bounties/0ea45cf9-b256-454c-9031-2435294c0902ExploitThird Party Advisory
- https://github.com/pimcore/pimcore/commit/1e916e7d668c9e47b217e20cc0ea4812f46620PatchThird Party Advisory
- https://huntr.dev/bounties/0ea45cf9-b256-454c-9031-2435294c0902ExploitThird Party Advisory
FAQ
What is CVE-2022-3255?
CVE-2022-3255 is a vulnerability with a CVSS score of 4.8 (MEDIUM). If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can: Perform any action within the ...
How severe is CVE-2022-3255?
CVE-2022-3255 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-3255?
Check the references section above for vendor advisories and patch information. Affected products include: Pimcore Pimcore.