Vulnerability Description
The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability could allow an attacker to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie, or to redirect users to other malicious sites. Users should upgrade to version 1.2.0 to receive a patch or, as a workaround, apply the patch manually.
CVSS Score
6.1 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pimcore | Admin Classic Bundle | < 1.2.0 |
Related Weaknesses (CWE)
References
- https://github.com/pimcore/admin-ui-classic-bundle/commit/19fda2e86557c2ed497831 (Patch)
- https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-jfxw (Patch, Vendor Advisory)
- https://github.com/pimcore/pimcore/commit/757375677dc83a44c6c22f26d97452cc5cda5d (Patch)
FAQ
What is CVE-2023-46722?
CVE-2023-46722 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access...
How severe is CVE-2023-46722?
CVE-2023-46722 has been rated MEDIUM with a CVSS base score of 6.1/10. See the CVSS Score section above.
Is there a patch for CVE-2023-46722?
Check the references section above for vendor advisories and patch information. Affected products include: Pimcore Admin Classic Bundle.