VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-e11t-ywn5-v7gp

Essentials
Severities (17)
References (7)
Severity details (16)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-e11t-ywn5-v7gp
Aliases	CVE-2023-2322 GHSA-476g-v7hf-cw5m
Summary	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00012	https://api.first.org/data/v1/epss?cve=CVE-2023-2322
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-476g-v7hf-cw5m
cvssv3.1	5.2	https://github.com/pimcore/pimcore
generic_textual	MODERATE	https://github.com/pimcore/pimcore
cvssv3	5.2	https://github.com/pimcore/pimcore/commit/9fc674892b8b53103098b9524705074a45e7f773
cvssv3.1	5.2	https://github.com/pimcore/pimcore/commit/9fc674892b8b53103098b9524705074a45e7f773
generic_textual	MODERATE	https://github.com/pimcore/pimcore/commit/9fc674892b8b53103098b9524705074a45e7f773
ssvc	Track	https://github.com/pimcore/pimcore/commit/9fc674892b8b53103098b9524705074a45e7f773
cvssv3.1	5.2	https://github.com/pimcore/pimcore/security/advisories/GHSA-476g-v7hf-cw5m
cvssv3.1_qr	MODERATE	https://github.com/pimcore/pimcore/security/advisories/GHSA-476g-v7hf-cw5m
generic_textual	MODERATE	https://github.com/pimcore/pimcore/security/advisories/GHSA-476g-v7hf-cw5m
cvssv3	5.2	https://huntr.dev/bounties/f7228f3f-3bef-46fe-b0e3-56c432048a67
cvssv3.1	5.2	https://huntr.dev/bounties/f7228f3f-3bef-46fe-b0e3-56c432048a67
generic_textual	MODERATE	https://huntr.dev/bounties/f7228f3f-3bef-46fe-b0e3-56c432048a67
ssvc	Track	https://huntr.dev/bounties/f7228f3f-3bef-46fe-b0e3-56c432048a67
cvssv3.1	5.2	https://nvd.nist.gov/vuln/detail/CVE-2023-2322
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2023-2322

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2023-2322
		https://github.com/pimcore/pimcore
		https://github.com/pimcore/pimcore/commit/9fc674892b8b53103098b9524705074a45e7f773
		https://huntr.dev/bounties/f7228f3f-3bef-46fe-b0e3-56c432048a67
CVE-2023-2322		https://nvd.nist.gov/vuln/detail/CVE-2023-2322
GHSA-476g-v7hf-cw5m		https://github.com/advisories/GHSA-476g-v7hf-cw5m
GHSA-476g-v7hf-cw5m		https://github.com/pimcore/pimcore/security/advisories/GHSA-476g-v7hf-cw5m

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H Found at https://github.com/pimcore/pimcore

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H Found at https://github.com/pimcore/pimcore/commit/9fc674892b8b53103098b9524705074a45e7f773

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H Found at https://github.com/pimcore/pimcore/commit/9fc674892b8b53103098b9524705074a45e7f773

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:34:58Z/ Found at https://github.com/pimcore/pimcore/commit/9fc674892b8b53103098b9524705074a45e7f773

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H Found at https://github.com/pimcore/pimcore/security/advisories/GHSA-476g-v7hf-cw5m

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H Found at https://huntr.dev/bounties/f7228f3f-3bef-46fe-b0e3-56c432048a67

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H Found at https://huntr.dev/bounties/f7228f3f-3bef-46fe-b0e3-56c432048a67

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-31T18:34:58Z/ Found at https://huntr.dev/bounties/f7228f3f-3bef-46fe-b0e3-56c432048a67

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-2322

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.01689
EPSS Score	0.00012
Published At	May 30, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-30T21:00:31.439169+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/pimcore/pimcore/CVE-2023-2322.yml	38.6.0