Lucene search

10 matches found

Vulnrichment
added 2024/11/15 10:57 a.m., 11 views

CVE-2023-2332 Stored Cross-site Scripting (XSS) in pimcore/pimcore

A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of...

CVSS: 4, AI score: 4, EPSS: 0.00003
Exploits: 1, References: 2

Cvelist
added 2024/11/15 10:57 a.m., 27 views

CVE-2023-2332 Stored Cross-site Scripting (XSS) in pimcore/pimcore

A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of...

CVSS: 4, EPSS: 0.00003
Exploits: 1, References: 2

Veracode
added 2023/05/23 6:23 a.m., 19 views

Cross-Site Scripting (XSS)

pimcore/pimcore is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to a lack of user input sanitization in the From and To parameters in the Conditions tab of the Pricing Rules, which allows an attacker to inject arbitrary JavaScript code into the browser...

CVSS: 4.8, AI score: 6.2, EPSS: 0.00003
Exploits: 1, References: 3, Affected Software: 1

NVD
added 2023/05/11 5:15 p.m., 23 views

CVE-2023-32075

The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. In pimcore/customer-management-framework-bundle prior to version 3.3.9, business logic errors are possible in the Conditions tab since the counter can be a negative number. This vulnerability is...

CVSS: 4.3, AI score: 4.5, EPSS: 0.00012
Exploits: 1, References: 4

Prion
added 2023/05/11 5:15 p.m., 15 views

Design/Logic Flaw

The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. In pimcore/customer-management-framework-bundle prior to version 3.3.9, business logic errors are possible in the Conditions tab since the counter can be a negative number. This vulnerability is...

CVSS: 4, AI score: 4.6, EPSS: 0.00012
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2023/05/11 4:39 p.m., 35 views

GHSA-X99J-R8VV-GWWJ Pimcore vulnerable to Business Logic Errors via Customer automation rules

Impact: Business Logic Errors in the Conditions tab since the counter can be a negative number. This vulnerability is capable of the unlogic in the counter value in the Conditions tab. Patches: Update to version 3.3.9 or apply this patch manually...

CVSS: 4.3, AI score: 4.4, EPSS: 0.00012
Exploits: 1, References: 6

Cvelist
added 2023/05/11 4:39 p.m., 44 views

CVE-2023-32075 Pimcore vulnerable to Business Logic Errors in Customer automation rules

The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. In pimcore/customer-management-framework-bundle prior to version 3.3.9, business logic errors are possible in the Conditions tab since the counter can be a negative number. This vulnerability is...

CVSS: 4.3, AI score: 4.9, EPSS: 0.00012
Exploits: 1, References: 4

OSV
added 2023/05/11 4:39 p.m., 26 views

CVE-2023-32075 Pimcore vulnerable to Business Logic Errors in Customer automation rules

The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. In pimcore/customer-management-framework-bundle prior to version 3.3.9, business logic errors are possible in the Conditions tab since the counter can be a negative number. This vulnerability is...

CVSS: 4.3, AI score: 4.8, EPSS: 0.00012
Exploits: 1, References: 6

CVE
added 2023/05/11 4:39 p.m., 66 views

CVE-2023-32075

Summary of CVE-2023-32075: The Pimcore CMF’s customer-management-framework-bundle is affected in versions before 3.3.9. A business-logic flaw in the Conditions tab allows the counter value to become negative, leading to unlogic in the UI/logic. The issue is fixed in version 3.3.9; patch guidance ...

CVSS: 4.3, AI score: 4.5, EPSS: 0.00012
Exploits: 1, References: 4, Affected Software: 1

GitHub Security Blog
added 2023/04/27 10:34 p.m., 25 views

Cross-site Scripting (XSS) in Conditions tab of Pricing Rules

Impact: This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches: Update to version 10.5.21 or apply this patch manually...

CVSS: 4.8, AI score: 6.8, EPSS: 0.00003
Exploits: 1, References: 5, Affected Software: 1