Vulnerability Report

CVE-2018-14059

Title: Pimcore Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS)

Proof Of Concept

PoC Available for CVE-2018-14059

CWE Category CWE-79
Published Date Aug 24, 2018
Modified Date Nov 21, 2024
Exploit Status Available
Score 5.4 CVSS v3.0
Exploit Probability (EPSS)
0.01%

Vulnerability Summary

CVE-2018-14059: Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions.

Impacted Vendors

P
pimcore 1

Reference Links

http://packetstormsecurity.com/files/148954/Pimcore-5.2.3-CSRF-Cross-Site-Scripting-SQL-Injection.html http://seclists.org/fulldisclosure/2018/Aug/13 https://www.exploit-db.com/exploits/45208/ https://www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulnerabilities-in-pimcore-software/ http://packetstormsecurity.com/files/148954/Pimcore-5.2.3-CSRF-Cross-Site-Scripting-SQL-Injection.html http://seclists.org/fulldisclosure/2018/Aug/13 https://www.exploit-db.com/exploits/45208/ https://www.sec-consult.com/en/blog/advisories/sql-injection-xss-csrf-vulnerabilities-in-pimcore-software/
CVSS v3.0
Source Entity [email protected]
Severity MEDIUM
5.4
Attack Vector
NETWORK
Complexity
LOW
Privileges
N/A
Interaction
REQUIRED
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
CHANGED
RAW VECTOR CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS v2.0
Source Entity [email protected]
Severity LOW
3.5
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:N/AC:M/Au:S/C:N/I:P/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2018-14059 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/45208
View Code
MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector NETWORK
Complexity LOW
Privileges N/A
Interaction REQUIRED
CVSS Vector String CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Affected Stack

No specific products linked.