CVE-2023-1704
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
pimcore is vulnerable to cross-site scripting in translate module
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Packagist | pimcore/pimcore | <10.5.20 | 10.5.20 |
References
- https://github.com/pimcore/pimcore/security/advisories/GHSA-hfmg-g39c-5444
- https://nvd.nist.gov/vuln/detail/CVE-2023-1704
- https://github.com/pimcore/pimcore/pull/14732.patch
- https://github.com/pimcore/pimcore/commit/295f5e8d108b68198e36399bea0f69598eb108a0
- https://github.com/pimcore/pimcore
- https://huntr.dev/bounties/84419c7b-ae29-401b-bdfd-5d0c498d320f
Verify integrity in audit chain (admin only). AS-IS.