3 matches found
CVE-2023-28106
creationtimestamp| type| source ---|---|--- 2023-03-16 19:30:47+00:00| seen| https://t.me/cibsecurity/60165...
CVE-2023-28106 Pimcore vulnerable to Cross-site Scripting in UrlSlug Data type
Pimcore is an open source data and experience management platform. Prior to version 10.5.19, an attacker can use cross-site scripting to send a malicious script to an unsuspecting user. Users may upgrade to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually...
CVE-2023-28106
PIMCORE CVE-2023-28106 affects Pimcore prior to version 10.5.19, where Cross-site Scripting (XSS) can be triggered via the UrlSlug Data type. The vulnerability is addressed by upgrading to version 10.5.19 or applying the patch referenced in the sources (patch: 14669). Several connected sources co...