GHSA-FQ95-RX4Q-QGG2

Vulnerability from github – Published: 2023-04-27 17:12 – Updated: 2023-05-04 21:43
VLAI
Summary
Cross-site Scripting (XSS) in Admin Login too many attempts notice
Details

Impact

Malicious JavaScript has access to all the same objects as the rest of the web page, including access to cookies and local storage, which are often used to store session tokens. If an attacker can obtain a user's session cookie, they can then impersonate that user.

Furthermore, JavaScript can read and make arbitrary modifications to the contents of a page being displayed to a user. Therefore, XSS in conjunction with some clever social engineering opens up a lot of possibilities for an attacker.

Patches

Update to version 10.5.21 or apply this patch manually https://github.com/pimcore/pimcore/commit/66f1089fb1b9bcd575bfce9b1d4abb0f0499df11.patch

Workarounds

Apply patch https://github.com/pimcore/pimcore/commit/66f1089fb1b9bcd575bfce9b1d4abb0f0499df11.patch manually.

References

https://huntr.dev/bounties/cf3901ac-a649-478f-ab08-094ef759c11d/

Severity
6.1 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "pimcore/pimcore"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "10.5.21"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-2341"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-04-27T17:12:46Z",
    "nvd_published_at": "2023-04-27T14:15:09Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nMalicious JavaScript has access to all the same objects as the rest of the web page, including access to cookies and local storage, which are often used to store session tokens. If an attacker can obtain a user\u0027s session cookie, they can then impersonate that user.\n\nFurthermore, JavaScript can read and make arbitrary modifications to the contents of a page being displayed to a user. Therefore, XSS in conjunction with some clever social engineering opens up a lot of possibilities for an attacker.\n\n### Patches\nUpdate to version 10.5.21 or apply this patch manually https://github.com/pimcore/pimcore/commit/66f1089fb1b9bcd575bfce9b1d4abb0f0499df11.patch\n\n### Workarounds\nApply patch https://github.com/pimcore/pimcore/commit/66f1089fb1b9bcd575bfce9b1d4abb0f0499df11.patch manually.\n\n### References\nhttps://huntr.dev/bounties/cf3901ac-a649-478f-ab08-094ef759c11d/",
  "id": "GHSA-fq95-rx4q-qgg2",
  "modified": "2023-05-04T21:43:40Z",
  "published": "2023-04-27T17:12:46Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/pimcore/pimcore/security/advisories/GHSA-fq95-rx4q-qgg2"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2341"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pimcore/pimcore/commit/66f1089fb1b9bcd575bfce9b1d4abb0f0499df11"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/pimcore/pimcore"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/cf3901ac-a649-478f-ab08-094ef759c11d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Cross-site Scripting (XSS) in Admin Login too many attempts notice"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.