Filtered by vendor Pimcore
Subscribe
Total
137 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-0510 | 1 Pimcore | 1 Pimcore | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore prior to 10.3.1. | |||||
CVE-2022-0348 | 1 Pimcore | 1 Pimcore | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2. | |||||
CVE-2022-0258 | 1 Pimcore | 1 Pimcore | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command | |||||
CVE-2022-0285 | 1 Pimcore | 1 Pimcore | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.9. | |||||
CVE-2021-4082 | 1 Pimcore | 1 Pimcore | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
pimcore is vulnerable to Cross-Site Request Forgery (CSRF) | |||||
CVE-2022-0251 | 1 Pimcore | 1 Pimcore | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.10. | |||||
CVE-2022-0257 | 1 Pimcore | 1 Pimcore | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
CVE-2021-4139 | 1 Pimcore | 1 Pimcore | 2023-12-10 | 6.0 MEDIUM | 9.0 CRITICAL |
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
CVE-2022-0256 | 1 Pimcore | 1 Pimcore | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
CVE-2022-0263 | 1 Pimcore | 1 Pimcore | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Unrestricted Upload of File with Dangerous Type in Packagist pimcore/pimcore prior to 10.2.7. | |||||
CVE-2022-0509 | 1 Pimcore | 1 Pimcore | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.3.1. | |||||
CVE-2022-0260 | 1 Pimcore | 1 Pimcore | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.7. | |||||
CVE-2021-31869 | 1 Pimcore | 1 Adminbundle | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injection issue in the specificID variable used by the application. This issue was fixed in version 6.9.4 of the product. | |||||
CVE-2021-23405 | 1 Pimcore | 1 Pimcore | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
This affects the package pimcore/pimcore before 10.0.7. This issue exists due to the absence of check on the storeId parameter in the method collectionsActionGet and groupsActionGet method within the ClassificationstoreController class. | |||||
CVE-2021-39170 | 1 Pimcore | 1 Pimcore | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Pimcore is an open source data & experience management platform. Prior to version 10.1.2, an authenticated user could add XSS code as a value of custom metadata on assets. There is a patch for this issue in Pimcore version 10.1.2. As a workaround, users may apply the patch manually. | |||||
CVE-2021-37702 | 1 Pimcore | 1 Pimcore | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Pimcore is an open source data & experience management platform. Prior to version 10.1.1, Data Object CSV import allows formular injection. The problem is patched in 10.1.1. Aside from upgrading, one may apply the patch manually as a workaround. | |||||
CVE-2021-39166 | 1 Pimcore | 1 Pimcore | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Pimcore is an open source data & experience management platform. Prior to version 10.1.2, text-values were not properly escaped before printed in the version preview. This allowed XSS by authenticated users with access to the resources. This issue is patched in Pimcore version 10.1.2. | |||||
CVE-2021-31867 | 1 Pimcore | 1 Customer Management Framework | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Pimcore Customer Data Framework version 3.0.0 and earlier suffers from a Boolean-based blind SQL injection issue in the $id parameter of the SegmentAssignmentController.php component of the application. This issue was fixed in version 3.0.2 of the product. | |||||
CVE-2020-26246 | 1 Pimcore | 1 Pimcore | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions. | |||||
CVE-2020-7759 | 1 Pimcore | 1 Pimcore | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable to SQL Injection in data classification functionality in ClassificationstoreController. This can be exploited by sending a specifically-crafted input in the relationIds parameter as demonstrated by the following request: http://vulnerable.pimcore.example/admin/classificationstore/relations?relationIds=[{"keyId"%3a"''","groupId"%3a"'asd'))+or+1%3d1+union+(select+1,2,3,4,5,6,name,8,password,'',11,12,'',14+from+users)+--+"}] |