VYPR
Moderate severity · NVD Advisory · Published Oct 31, 2023 · Updated Sep 5, 2024

Pimcore Admin Classic Bundle Cross-site Scripting (XSS) in PDF previews

CVE-2023-46722

Description

The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability could allow an attacker to steal a user's cookie and use it to gain unauthorized access to that user's account, or to redirect users to other malicious sites. Users should upgrade to version 1.2.0 to receive a patch or, as a workaround, apply the patch manually.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: pimcore/admin-ui-classic-bundle (Packagist)
Affected versions: < 1.2.0
Patched versions: 1.2.0
