cvedb.io
CVE-2023-28429
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2023-03-20T15:15:12.447 · Last modified 2026-06-17T05:47:41.817

Summary

Pimcore is an open source data and experience management platform. Versions prior to 10.5.19 have an unsecured tooltip field in DataObject class definition. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 10.5.19 or, as a workaround, apply the patch manually.

Affected products

pimcore — pimcore

Does this affect you?

Add your gear to cvedb and we'll alert you only when pimcore ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.