CVE-2023-1704 MEDIUM

CVE-2023-1704: Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Vendor Pimcore
Product pimcore/pimcore
Weakness CWE-79 · XSS
Published March 29, 2023
Last update February 12, 2025
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L

What the vulnerability does

01Description

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.20.

Key dates

02Disclosure timeline

March 29, 2023 CVE published
February 12, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-44245 Kyverno: [policy-reporter-ui] XSS via Stored Property Values in PropertyCard Component CVE-2026-4089 Twittee Text Tweet <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute CVE-2026-57333 WordPress Link Whisper Free plugin <= 0.9.4 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2022-39350 @dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details CVE-2024-31907