CVE-2023-46722
Summary
| CVE | CVE-2023-46722 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-10-31 16:15:00 UTC |
| Updated | 2023-11-08 17:53:00 UTC |
| Description | The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 1.2.0 to receive a patch or, as a workaround, apply the patch manually. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Cross-site Scripting (XSS) in PDF previews · Advisory · pimcore/admin-ui-classic-bundle · GitHub |
MISC |
github.com |
|
| [Improvement]: Add sanitizing pdf (#301) · pimcore/admin-ui-classic-bundle@19fda2e · GitHub |
MISC |
github.com |
|
| Implement Asset Sanitizer Queue & Preview Check (#16053) · pimcore/pimcore@7573756 · GitHub |
MISC |
github.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 995802 PHP (Composer) Security Update for pimcore/admin-ui-classic-bundle (GHSA-jfxw-6c5v-c42f)