Filtered by vendor Pimcore
Subscriptions
Total
138 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0285 | 1 Pimcore | 1 Pimcore | 2022-01-26 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.9. | ||||
| CVE-2022-0258 | 1 Pimcore | 1 Pimcore | 2022-01-25 | 8.8 High |
| pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command | ||||
| CVE-2022-0256 | 1 Pimcore | 1 Pimcore | 2022-01-24 | 5.4 Medium |
| pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2022-0257 | 1 Pimcore | 1 Pimcore | 2022-01-24 | 5.4 Medium |
| pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-4146 | 1 Pimcore | 1 Pimcore | 2022-01-24 | 4.3 Medium |
| Business Logic Errors in GitHub repository pimcore/pimcore prior to 10.2.6. | ||||
| CVE-2022-0263 | 1 Pimcore | 1 Pimcore | 2022-01-24 | 7.8 High |
| Unrestricted Upload of File with Dangerous Type in Packagist pimcore/pimcore prior to 10.2.7. | ||||
| CVE-2022-0260 | 1 Pimcore | 1 Pimcore | 2022-01-24 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.7. | ||||
| CVE-2022-0262 | 1 Pimcore | 1 Pimcore | 2022-01-24 | 6.1 Medium |
| Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.7. | ||||
| CVE-2021-4139 | 1 Pimcore | 1 Pimcore | 2022-01-07 | 9.0 Critical |
| pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-4082 | 1 Pimcore | 1 Pimcore | 2021-12-13 | 4.3 Medium |
| pimcore is vulnerable to Cross-Site Request Forgery (CSRF) | ||||
| CVE-2021-4084 | 1 Pimcore | 1 Pimcore | 2021-12-13 | 6.1 Medium |
| pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-4081 | 1 Pimcore | 1 Pimcore | 2021-12-10 | 6.1 Medium |
| pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-39189 | 1 Pimcore | 1 Pimcore | 2021-09-27 | 5.3 Medium |
| Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually. | ||||
| CVE-2021-39170 | 1 Pimcore | 1 Pimcore | 2021-09-09 | 5.4 Medium |
| Pimcore is an open source data & experience management platform. Prior to version 10.1.2, an authenticated user could add XSS code as a value of custom metadata on assets. There is a patch for this issue in Pimcore version 10.1.2. As a workaround, users may apply the patch manually. | ||||
| CVE-2021-39166 | 1 Pimcore | 1 Pimcore | 2021-09-09 | 5.4 Medium |
| Pimcore is an open source data & experience management platform. Prior to version 10.1.2, text-values were not properly escaped before printed in the version preview. This allowed XSS by authenticated users with access to the resources. This issue is patched in Pimcore version 10.1.2. | ||||
| CVE-2021-37702 | 1 Pimcore | 1 Pimcore | 2021-08-26 | 8.8 High |
| Pimcore is an open source data & experience management platform. Prior to version 10.1.1, Data Object CSV import allows formular injection. The problem is patched in 10.1.1. Aside from upgrading, one may apply the patch manually as a workaround. | ||||
| CVE-2021-31867 | 1 Pimcore | 1 Customer Management Framework | 2021-08-12 | 7.5 High |
| Pimcore Customer Data Framework version 3.0.0 and earlier suffers from a Boolean-based blind SQL injection issue in the $id parameter of the SegmentAssignmentController.php component of the application. This issue was fixed in version 3.0.2 of the product. | ||||
| CVE-2021-31869 | 1 Pimcore | 1 Adminbundle | 2021-08-12 | 7.5 High |
| Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injection issue in the specificID variable used by the application. This issue was fixed in version 6.9.4 of the product. | ||||
| CVE-2021-23405 | 1 Pimcore | 1 Pimcore | 2021-07-21 | 8.8 High |
| This affects the package pimcore/pimcore before 10.0.7. This issue exists due to the absence of check on the storeId parameter in the method collectionsActionGet and groupsActionGet method within the ClassificationstoreController class. | ||||
| CVE-2021-23340 | 1 Pimcore | 1 Pimcore | 2021-02-25 | 7.1 High |
| This affects the package pimcore/pimcore before 6.8.8. A Local FIle Inclusion vulnerability exists in the downloadCsvAction function of the CustomReportController class (bundles/AdminBundle/Controller/Reports/CustomReportController.php). An authenticated user can reach this function with a GET request at the following endpoint: /admin/reports/custom-report/download-csv?exportFile=&91;filename]. Since exportFile variable is not sanitized, an attacker can exploit a local file inclusion vulnerability. | ||||