Vulnerability Details CVE-2023-28850
Pimcore Perspective Editor provides an editor for Pimcore that allows users to add/remove/edit custom views and perspectives. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Version 1.5.1 has a patch. As a workaround, one may apply the patch manually.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 0.3%
CVSS Severity
CVSS v3 Score 6.1
References
- https://github.com/pimcore/perspective-editor/pull/121.patch
- https://github.com/pimcore/perspective-editor/security/advisories/GHSA-fq8q-55v3-2986
- https://huntr.dev/bounties/5529f51e-e40f-46f1-887b-c9dbebab4f06/
- https://github.com/pimcore/perspective-editor/pull/121.patch
- https://github.com/pimcore/perspective-editor/security/advisories/GHSA-fq8q-55v3-2986
- https://huntr.dev/bounties/5529f51e-e40f-46f1-887b-c9dbebab4f06/
Products affected by CVE-2023-28850
-
cpe:2.3:a:pimcore:perspective_editor:1.0
-
cpe:2.3:a:pimcore:perspective_editor:1.1.0
-
cpe:2.3:a:pimcore:perspective_editor:1.1.1
-
cpe:2.3:a:pimcore:perspective_editor:1.2.0
-
cpe:2.3:a:pimcore:perspective_editor:1.2.1
-
cpe:2.3:a:pimcore:perspective_editor:1.3.0
-
cpe:2.3:a:pimcore:perspective_editor:1.3.1
-
cpe:2.3:a:pimcore:perspective_editor:1.4.0
-
cpe:2.3:a:pimcore:perspective_editor:1.4.1
-
cpe:2.3:a:pimcore:perspective_editor:1.4.2
-
cpe:2.3:a:pimcore:perspective_editor:1.5.0