CVE-2023-2730 MEDIUM

CVE-2023-2730: Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Vendor Pimcore
Product pimcore/pimcore
Weakness CWE-79 · XSS
Published May 16, 2023
Last update January 22, 2025
View on NVD All CVEs

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.

Key dates

02Disclosure timeline

May 16, 2023 CVE published
January 22, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-56259 WordPress GeoDirectory plugin <= 2.3.84 - Cross Site Scripting (XSS) vulnerability CVE-2023-48448 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79) CVE-2024-43788 DOM Clobbering Gadget found in Webpack's AutoPublicPathRuntimeModule that leads to Cross-site Scripting (XSS) CVE-2024-47627 WordPress WP Travel Gutenberg Blocks plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability CVE-2022-1582 External Links in New Window / New Tab < 1.43 - Unauthenticated Stored Cross-Site Scripting