What the vulnerability does
01Description
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20.
CVE-2023-1703
MEDIUM
CVE-2023-1703: Cross-site Scripting (XSS) - Generic in pimcore/pimcore
CVSS base score
5.3/10
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
Key dates
02Disclosure timeline
March 29, 2023
CVE published
February 12, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2020-9055 Versiant Lynx Customer Service Portal version 3.5.2 is vulnerable to stored cross-site scripting, which may allow an attacker to execute arbitrary JavaScript
CVE-2024-13739 Newsletters <= 4.9.9.7 - Reflected Cross-Site Scripting via To Parameter
CVE-2024-30180 WordPress Easy Social Feed plugin <= 6.5.3 - Cross Site Scripting (XSS) vulnerability
CVE-2025-0667 BOINC Server Stored XSS Injection in pm.php
CVE-2022-0397 WPC Smart Wishlist for WooCommerce < 2.9.4 - Reflected Cross-Site Scripting
