GHSA-j59v-hh4p-q92m

Source

https://github.com/advisories/GHSA-j59v-hh4p-q92m

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-j59v-hh4p-q92m/GHSA-j59v-hh4p-q92m.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-j59v-hh4p-q92m

Aliases

CVE-2023-5873

Published

2023-10-31T09:30:54Z

Modified

2023-11-06T22:04:49.361681Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Pimcore Cross-site Scripting vulnerability

Details

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0.

Database specific

{
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ],
    "nvd_published_at": "2023-10-31T09:15:09Z",
    "severity": "MODERATE",
    "github_reviewed_at": "2023-11-01T14:35:22Z"
}

References

Affected packages

Packagist / pimcore/pimcore

Package

Name: pimcore/pimcore
Purl: pkg:composer/pimcore/pimcore

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

11.1.0

Affected versions

2.*

2.2.0

2.2.1

2.2.2

2.3.0

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.1.0

3.1.1

4.*

4.0.0

4.0.1

4.1.0

4.1.1

4.1.2

4.1.3

4.2.0

4.3.0

4.3.1

4.4.0

4.4.1

4.4.2

4.4.3

4.5.0

4.6.0

4.6.1

4.6.2

4.6.3

4.6.4

4.6.5

v5.*

v5.0.0-RC

v5.0.0

v5.0.1

v5.0.2

v5.0.3

v5.0.4

v5.1.0-alpha

v5.1.0

v5.1.1

v5.1.2

v5.1.3

v5.2.0

v5.2.1

v5.2.2

v5.2.3

v5.3.0

v5.3.1

v5.4.0

v5.4.1

v5.4.2

v5.4.3

v5.4.4

v5.5.0

v5.5.1

v5.5.2

v5.5.3

v5.5.4

v5.6.0

v5.6.1

v5.6.2

v5.6.3

v5.6.4

v5.6.5

v5.6.6

v5.7.0

v5.7.1

v5.7.2

v5.7.3

v5.8.0

v5.8.1

v5.8.2

v5.8.3

v5.8.4

v5.8.5

v5.8.6

v5.8.7

v5.8.8

v5.8.9

v6.*

v6.0.0

v6.0.1

v6.0.2

v6.0.3

v6.0.4

v6.0.5

v6.1.0

v6.1.1

v6.1.2

v6.2.0

v6.2.1

v6.2.2

v6.2.3

v6.3.0

v6.3.1

v6.3.2

v6.3.3

v6.3.4

v6.3.5

v6.3.6

v6.4.0

v6.4.1

v6.4.2

v6.5.0

v6.5.1

v6.5.2

v6.5.3

v6.6.0

v6.6.1

v6.6.2

v6.6.3

v6.6.4

v6.6.5

v6.6.6

v6.6.7

v6.6.8

v6.6.9

v6.6.10

v6.6.11

v6.7.0

v6.7.1

v6.7.2

v6.7.3

v6.8.0

v6.8.1

v6.8.2

v6.8.3

v6.8.4

v6.8.5

v6.8.6

v6.8.7

v6.8.8

v6.8.9

v6.8.10

v6.8.11

v6.8.12

v6.9.0

v6.9.1

v6.9.2

v6.9.3

v6.9.4

v6.9.5

v6.9.6

v10.*

v10.0.0-BETA1

v10.0.0-BETA2

v10.0.0-BETA3

v10.0.0-BETA4

v10.0.0

v10.0.1

v10.0.2

v10.0.3

v10.0.4

v10.0.5

v10.0.6

v10.0.7

v10.0.9

v10.1.0

v10.1.1

v10.1.2

v10.1.3

v10.1.4

v10.1.5

v10.2.0

v10.2.1

v10.2.2

v10.2.3

v10.2.4

v10.2.5

v10.2.6

v10.2.7

v10.2.8

v10.2.9

v10.2.10

v10.3.0

v10.3.1

v10.3.2

v10.3.3

v10.3.4

v10.3.5

v10.3.6

v10.3.7

v10.4.0

v10.4.1

v10.4.2

v10.4.3

v10.4.4

v10.4.5

v10.4.6

v10.5.0

v10.5.1

v10.5.2

v10.5.3

v10.5.4

v10.5.5

v10.5.6

v10.5.7

v10.5.8

v10.5.9

v10.5.10

v10.5.11

v10.5.12

v10.5.13

v10.5.14

v10.5.15

v10.5.16

v10.5.17

v10.5.18

v10.5.19

v10.5.20

v10.5.21

v10.5.22

v10.5.23

v10.5.24

v10.5.25

v10.6.0

v10.6.1

v10.6.2

v10.6.3

v10.6.4

v10.6.5

v10.6.6

v10.6.7

v10.6.8

v10.6.9

10.*

10.0.8

v11.*

v11.0.0-ALPHA1

v11.0.0-BETA1

v11.0.0-ALPHA2

v11.0.0-ALPHA3

v11.0.0-ALPHA4

v11.0.0-ALPHA5

v11.0.0-ALPHA6

v11.0.0-ALPHA7

v11.0.0-ALPHA8

v11.0.0-RC1

v11.0.0-RC2

v11.0.0

v11.0.1

v11.0.2

v11.0.3

v11.0.4

v11.0.5

v11.0.6

v11.0.7

v11.0.8

v11.0.9

v11.0.10

v11.0.11

v11.0.12

v11.1.0-RC1