Pimcore CVEs and Security Vulnerabilities

Filtered by vendor Pimcore Subscriptions

Search

Switch to Advanced Search (Beta)

Total 141 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-0565	1 Pimcore	1 Pimcore	2024-11-21	7.6 High
Cross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1.
CVE-2022-0510	1 Pimcore	1 Pimcore	2024-11-21	5.4 Medium
Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore prior to 10.3.1.
CVE-2022-0509	1 Pimcore	1 Pimcore	2024-11-21	5.4 Medium
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.3.1.
CVE-2022-0348	1 Pimcore	1 Pimcore	2024-11-21	5.4 Medium
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.
CVE-2022-0285	1 Pimcore	1 Pimcore	2024-11-21	5.4 Medium
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.9.
CVE-2022-0263	1 Pimcore	1 Pimcore	2024-11-21	7.8 High
Unrestricted Upload of File with Dangerous Type in Packagist pimcore/pimcore prior to 10.2.7.
CVE-2022-0262	1 Pimcore	1 Pimcore	2024-11-21	6.1 Medium
Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.7.
CVE-2022-0260	1 Pimcore	1 Pimcore	2024-11-21	5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.7.
CVE-2022-0258	1 Pimcore	1 Pimcore	2024-11-21	8.8 High
pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
CVE-2022-0257	1 Pimcore	1 Pimcore	2024-11-21	5.4 Medium
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-0256	1 Pimcore	1 Pimcore	2024-11-21	5.4 Medium
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-0251	1 Pimcore	1 Pimcore	2024-11-21	5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.10.
CVE-2021-4146	1 Pimcore	1 Pimcore	2024-11-21	4.3 Medium
Business Logic Errors in GitHub repository pimcore/pimcore prior to 10.2.6.
CVE-2021-4139	1 Pimcore	1 Pimcore	2024-11-21	9.0 Critical
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4084	1 Pimcore	1 Pimcore	2024-11-21	6.1 Medium
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4082	1 Pimcore	1 Pimcore	2024-11-21	4.3 Medium
pimcore is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-4081	1 Pimcore	1 Pimcore	2024-11-21	6.1 Medium
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-39189	1 Pimcore	1 Pimcore	2024-11-21	5.3 Medium
Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually.
CVE-2021-39170	1 Pimcore	1 Pimcore	2024-11-21	8 High
Pimcore is an open source data & experience management platform. Prior to version 10.1.2, an authenticated user could add XSS code as a value of custom metadata on assets. There is a patch for this issue in Pimcore version 10.1.2. As a workaround, users may apply the patch manually.
CVE-2021-39166	1 Pimcore	1 Pimcore	2024-11-21	8 High
Pimcore is an open source data & experience management platform. Prior to version 10.1.2, text-values were not properly escaped before printed in the version preview. This allowed XSS by authenticated users with access to the resources. This issue is patched in Pimcore version 10.1.2.

« first previous Page 6 of 8. next last »