CVE-2023-28850 - Unspecified vulnerability in Pimcore Perspective Editor
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: LOW
- Confidentiality impact: LOW
- Integrity impact: LOW
- Availability impact: NONE
Summary
Pimcore Perspective Editor provides an editor for Pimcore that allows users to add, remove, and edit custom views and perspectives. An attacker exploiting this vulnerability could steal a user's cookie and use it to gain unauthorized access to that user's account, or redirect users to other malicious sites. The issue is patched in version 1.5.1. As a workaround, the patch can be applied manually.
Vulnerable Configurations
References
- https://github.com/pimcore/perspective-editor/pull/121.patch
- https://github.com/pimcore/perspective-editor/security/advisories/GHSA-fq8q-55v3-2986
- https://huntr.dev/bounties/5529f51e-e40f-46f1-887b-c9dbebab4f06/