2 matches found
CVE-2023-46722
Pimcore Admin Classic Bundle contains a cross-site scripting (XSS) vulnerability in PDF previews prior to version 1.2.0. The issue stems from insufficient input validation in the PDF preview path (AssetController.php getPreviewDocumentAction), enabling an attacker to craft a malicious PDF that ca...
CVE-2023-46722 Pimcore Admin Classic Bundle Cross-site Scripting (XSS) in PDF previews
The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Use...