Vulnerability — CVE-2023-2332

CVE-2023-2332

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2023-2332
Description:: A stored Cross-site Scripting (XSS) vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of arbitrary JavaScript code in the context of the user's browser, potentially stealing cookies or redirecting users to malicious sites. The issue is fixed in version 10.5.21.
Last updated date:: 11/19/2024

Type:: exploit
Confidence:: HIGH
Date of publishing:: 11/19/2024
Reference url to background: https://huntr.com/bounties/e436ed71-6741-4b30-89db-f7f3de4aca2c