Description
Pimcore is an open source data and experience management platform. Prior to version 10.5.19, an attacker can use cross-site scripting to send a malicious script to an unsuspecting user. Users may upgrade to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually.
References (4)
Core References
Vendor Advisory x_refsource_confirm
https://github.com/pimcore/pimcore/security/advisories/GHSA-x5j3-mq9g-8jc8
Mailing List, Patch x_refsource_misc
https://github.com/pimcore/pimcore/pull/14669.patch
Patch x_refsource_misc
https://github.com/pimcore/pimcore/commit/c59d0bf1d03a5037b586fe06230694fa3818dbf2
Exploit, Third Party Advisory x_refsource_misc
https://huntr.dev/bounties/fa77d780-9b23-404b-8c44-12108881d11a
Scores
CVSS v3
6.1
EPSS
0.0007
EPSS Percentile
21.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (2)
pimcore/pimcore
< 10.5.19
pimcore/pimcore
0 - 10.5.19 (Packagist)
Published
Mar 16, 2023
Tracked Since
Feb 18, 2026