CVE-2023-28429: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
(updated )
Pimcore is an open source data and experience management platform. Versions prior to 10.5.19 have an unsecured tooltip field in DataObject class definition. This vulnerability has the potential to steal a user’s cookie and gain unauthorized access to that user’s account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 10.5.19 or, as a workaround, apply the patch manually.
References
Detect and mitigate CVE-2023-28429 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →