Lucene search

[email protected]NVD:CVE-2023-3821

HistoryJul 21, 2023 - 3:15 p.m.

CVE-2023-3821

2023-07-2115:15:10

CWE-79

[email protected]

web.nvd.nist.gov

cross-site scripting

stored

github

repository

pimcore

prior

version 10.6.4

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

23.8%

JSON

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.6.4.

Affected configurations

Nvd

Node

pimcorepimcoreRange<10.6.4

VendorProductVersionCPE
pimcorepimcore*cpe:2.3:a:pimcore:pimcore:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pimcore	pimcore	*	cpe:2.3:a:pimcore:pimcore::::::::

References

github.com/pimcore/pimcore/commit/92811f07d39e4ad95c92003868f5f7309489d79c

huntr.dev/bounties/599ba4f6-c900-4161-9127-f1e6a6e29aaa