CVE-2023-1116

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-1116

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-1116.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-1116

Aliases

GHSA-96hp-38wx-j3wc

Published

2023-03-01T00:00:00Z

Modified

2025-11-28T02:34:08.922644Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator

Summary

Cross-site Scripting (XSS) - Stored in pimcore/pimcore

Details

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/1xxx/CVE-2023-1116.json",
    "cna_assigner": "@huntrdev",
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Git / github.com/pimcore/pimcore

Affected ranges

Type: GIT
Repo: https://github.com/pimcore/pimcore
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

25bb7f79edac52672891f421eab31d3fa906bc9a

Affected versions

2.*

2.2.0

2.2.1

2.2.2

2.3.0

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.1.0

3.1.1

4.*

4.0.0

4.0.1

4.1.0

4.1.1

4.1.2

4.1.3

4.2.0

4.3.0

4.3.1

4.4.0

4.4.1

4.4.2

4.4.3

4.5.0

v10.*

v10.0.0

v10.0.0-BETA1

v10.0.0-BETA2

v10.0.0-BETA3

v10.0.0-BETA4

v10.0.1

v10.0.2

v10.0.3

v10.0.4

v10.0.5

v10.0.6

v10.0.7

v10.0.8

v10.0.9

v10.1.0

v10.1.1

v10.1.2

v10.1.3

v10.1.4

v10.1.5

v10.2.0

v10.2.1

v10.2.10

v10.2.2

v10.2.3

v10.2.4

v10.2.5

v10.2.6

v10.2.7

v10.2.8

v10.2.9

v10.3.0

v10.3.1

v10.3.2

v10.3.3

v10.3.4

v10.3.5

v10.3.6

v10.4.0

v10.4.1

v10.4.2

v10.4.3

v10.4.4

v10.4.5

v10.4.6

v10.5.0

v10.5.1

v10.5.10

v10.5.11

v10.5.12

v10.5.13

v10.5.14

v10.5.15

v10.5.16

v10.5.17

v10.5.2

v10.5.3

v10.5.4

v10.5.5

v10.5.6

v10.5.7

v10.5.8

v10.5.9

v5.*

v5.0.0

v5.0.0-RC

v5.0.1

v5.0.2

v5.0.3

v5.0.4

v5.1.0

v5.1.0-alpha

v5.1.1

v5.1.2

v5.1.3

v5.2.0

v5.2.3

v5.3.0

v5.3.1

v5.4.0

v5.4.1

v5.4.2

v5.4.3

v5.4.4

v5.5.0

v5.5.1

v5.5.2

v5.5.3

v5.5.4

v5.6.0

v5.6.1

v5.6.2

v5.6.3

v5.6.4

v5.6.5

v5.6.6

v5.7.0

v5.7.1

v5.7.2

v5.7.3

v5.8.0

v5.8.1

v5.8.2

v5.8.3

v6.*

v6.0.0

v6.0.1

v6.0.2

v6.0.3

v6.0.4

v6.0.5

v6.1.0

v6.1.1

v6.1.2

v6.2.0

v6.2.1

v6.2.2

v6.2.3

v6.3.0

v6.3.1

v6.3.2

v6.3.3

v6.3.4

v6.3.5

v6.3.6

v6.4.0

v6.4.1

v6.4.2

v6.5.0

v6.5.1

v6.5.2

v6.5.3

v6.6.0

v6.6.1

v6.6.10

v6.6.11

v6.6.2

v6.6.3

v6.6.4

v6.6.5

v6.6.6

v6.6.7

v6.6.8

v6.6.9

v6.7.0

v6.7.1

v6.7.2

v6.7.3

v6.8.0

v6.8.1

v6.8.10

v6.8.11

v6.8.12

v6.8.2

v6.8.3

v6.8.4

v6.8.5

v6.8.6

v6.8.7

v6.8.8

v6.8.9

v6.9.0

v6.9.1

v6.9.2

v6.9.3

v6.9.4

v6.9.5

v6.9.6

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-1116.json"