CVE-2023-4453

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Aug 21, 2023

Updated: Aug 24, 2023

CWE ID 79

Summary

CVE-2023-4453 is a Cross-Site Scripting (XSS) vulnerability affecting the GitHub repository pimcore/pimcore before version 10.6.8. Malicious scripts can be injected into web pages viewed by other users, leading to potential data theft or unauthorized actions. Successful exploitation requires an attacker to craft a malicious URL that, when clicked, injects the script into the targeted user's web session. Users are advised to upgrade to the patched version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Pimcore

Affected Vendors

Pimcore

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sadmT1
https://www.cve.org/CVERecord?id=CVE-2023-4453
https://nvd.nist.gov/vuln/detail/CVE-2023-4453

Back to Vulnerability Database