CVE-2023-2630 MEDIUM

CVE-2023-2630: Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Vendor Pimcore
Product pimcore/pimcore
Weakness CWE-79 · XSS
Published May 10, 2023
Last update January 27, 2025
View on NVD All CVEs

CVSS base score

5.7/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H

What the vulnerability does

01Description

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.

Key dates

02Disclosure timeline

May 10, 2023 CVE published
January 27, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-5361 Envira Gallery <= 1.12.4 - Authenticated (Author+) Stored Cross-Site Scripting via 'arrows' Parameter CVE-2024-53802 WordPress Futurio Extra plugin <= 2.0.14 - Cross Site Scripting (XSS) vulnerability CVE-2024-0700 Simple Tweet <= 1.4.0.2 - Authenticated (Author+) Stored Cross-Site Scripting CVE-2025-22580 WordPress Biltorvet Dealer Tools plugin <= 1.0.22 - Cross Site Scripting (XSS) vulnerability CVE-2021-25993 Requarks wiki.js - Stored Cross-Site Scripting (XSS) in markdown editor