Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not setup two factor authentication before is vulnerable for this attack, without need for any form of privilege, causing the application to execute arbitrary scripts/HTML content. This vulnerability has been patched in version 1.0.3.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-07-11T18:19:37.245Z
Updated: 2023-07-11T18:19:37.245Z
Reserved: 2023-06-29T19:35:26.441Z
Link: CVE-2023-37280
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-07-11T19:15:09.687
Modified: 2023-07-19T18:31:42.580
Link: CVE-2023-37280
JSON object: View
Redhat Information
No data.
CWE