Home > Vulnerability Database > CVE-2022-3255

Mend.io Vulnerability Database

CVE-2022-3255

Good to know:

Date: September 21, 2022

If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can: Perform any action within the application that the user can perform. View any information that the user is able to view. Modify any information that the user is able to modify. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.

Language: PHP

Severity Score

4.8

Related Resources (5)

Url: https://github.com/pimcore/pimcore/commit/1e916e7d668c9e47b217e20cc0ea4812f466201b

Url: https://huntr.dev/bounties/0ea45cf9-b256-454c-9031-2435294c0902

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-3255

Url: https://github.com/pimcore/pimcore

Url: https://www.mend.io/vulnerability-database/CVE-2022-3255

Severity Score

4.8

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version v10.5.7

Learn More

CVSS v3.1

Base Score:	4.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-3255

Good to know:

Date: September 21, 2022

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?