CVE-2023-46722
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-46722
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46722.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-46722
- Aliases
- Published
- 2023-10-31T16:15:10Z
- Modified
- 2024-05-14T13:03:52.965460Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 1.2.0 to receive a patch or, as a workaround, apply the patch manually.
- References
Affected packages
Git / github.com/pimcore/admin-ui-classic-bundle
Affected ranges
- Type
- GIT
- Repo
- https://github.com/pimcore/admin-ui-classic-bundle
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/pimcore/pimcore
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2.*
2.2.0
2.2.1
2.2.2
2.3.0
3.*
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.1.0
3.1.1
4.*
4.0.0
4.0.1
4.1.0
4.1.1
4.1.2
4.1.3
4.2.0
4.3.0
4.3.1
4.4.0
4.4.1
4.4.2
4.4.3
4.5.0
v1.*
v1.0.0
v1.0.0-BETA1
v1.0.0-RC1
v1.0.0-RC2
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.1.0
v1.1.0-RC1
v1.1.1
v1.1.2
v1.1.3
v10.*
v10.0.0
v10.0.0-BETA1
v10.0.0-BETA2
v10.0.0-BETA3
v10.0.0-BETA4
v10.0.1
v10.0.2
v10.0.3
v10.0.4
v10.0.5
v10.0.6
v10.0.7
v10.0.8
v10.0.9
v10.1.0
v10.1.1
v10.1.2
v10.1.3
v10.1.4
v10.1.5
v10.2.0
v10.2.1
v10.2.10
v10.2.2
v10.2.3
v10.2.4
v10.2.5
v10.2.6
v10.2.7
v10.2.8
v10.2.9
v10.3.0
v10.3.1
v10.3.2
v10.3.3
v10.3.4
v10.3.5
v10.3.6
v10.4.0
v10.4.1
v10.4.2
v10.4.3
v10.4.4
v10.4.5
v10.4.6
v10.5.0
v10.5.1
v10.5.10
v10.5.11
v10.5.12
v10.5.13
v10.5.14
v10.5.15
v10.5.16
v10.5.17
v10.5.18
v10.5.19
v10.5.2
v10.5.20
v10.5.21
v10.5.22
v10.5.23
v10.5.24
v10.5.25
v10.5.3
v10.5.4
v10.5.5
v10.5.6
v10.5.7
v10.5.8
v10.5.9
v10.6.0
v10.6.1
v10.6.2
v10.6.3
v10.6.4
v10.6.5
v10.6.6
v10.6.7
v10.6.8
v10.6.9
v11.*
v11.0.0
v11.0.0-ALPHA1
v11.0.0-ALPHA2
v11.0.0-ALPHA3
v11.0.0-ALPHA4
v11.0.0-ALPHA5
v11.0.0-ALPHA6
v11.0.0-ALPHA7
v11.0.0-ALPHA8
v11.0.0-BETA1
v11.0.0-RC1
v11.0.0-RC2
v11.0.1
v11.0.10
v11.0.11
v11.0.2
v11.0.3
v11.0.4
v11.0.5
v11.0.6
v11.0.7
v11.0.8
v11.0.9
v5.*
v5.0.0
v5.0.0-RC
v5.0.1
v5.0.2
v5.0.3
v5.0.4
v5.1.0
v5.1.0-alpha
v5.1.1
v5.1.2
v5.1.3
v5.2.0
v5.2.3
v5.3.0
v5.3.1
v5.4.0
v5.4.1
v5.4.2
v5.4.3
v5.4.4
v5.5.0
v5.5.1
v5.5.2
v5.5.3
v5.5.4
v5.6.0
v5.6.1
v5.6.2
v5.6.3
v5.6.4
v5.6.5
v5.6.6
v5.7.0
v5.7.1
v5.7.2
v5.7.3
v5.8.0
v5.8.1
v5.8.2
v5.8.3
v6.*
v6.0.0
v6.0.1
v6.0.2
v6.0.3
v6.0.4
v6.0.5
v6.1.0
v6.1.1
v6.1.2
v6.2.0
v6.2.1
v6.2.2
v6.2.3
v6.3.0
v6.3.1
v6.3.2
v6.3.3
v6.3.4
v6.3.5
v6.3.6
v6.4.0
v6.4.1
v6.4.2
v6.5.0
v6.5.1
v6.5.2
v6.5.3
v6.6.0
v6.6.1
v6.6.10
v6.6.11
v6.6.2
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7.0
v6.7.1
v6.7.2
v6.7.3
v6.8.0
v6.8.1
v6.8.10
v6.8.11
v6.8.12
v6.8.2
v6.8.3
v6.8.4
v6.8.5
v6.8.6
v6.8.7
v6.8.8
v6.8.9
v6.9.0
v6.9.1
v6.9.2
v6.9.3
v6.9.4
v6.9.5
v6.9.6