Pimcore
by Pimcore
CVEs (122)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-29197 | | | 0.00 | — | 0.01 | | Mar 26, 2024 | Pimcore is an Open Source Data & Experience Management Platform. Any call with the query argument `?pimcore_preview=true` allows to view unpublished sites. In previous versions of Pimcore, session information would propagate to previews, so only a logged in user could open a… |
| CVE-2023-49076 | | | 0.00 | — | 0.00 | | Nov 30, 2023 | Customer-data-framework allows management of customer data within Pimcore. There are no tokens or headers to prevent CSRF attacks from occurring, therefore an attacker could abuse this vulnerability to create new customers. This issue has been patched in version 4.0.5. |
| CVE-2023-47637 | | | 0.00 | — | 0.01 | | Nov 15, 2023 | Pimcore is an Open Source Data & Experience Management Platform. In affected versions the `/admin/object/grid-proxy` endpoint calls `getFilterCondition()` on fields of classes to be filtered for, passing input from the request, and later executes the returned SQL. One… |
| CVE-2023-5873 | | | 0.00 | — | 0.00 | | Oct 31, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0. |
| CVE-2023-5192 | | | 0.00 | — | 0.01 | | Sep 26, 2023 | Excessive Data Query Operations in a Large Data Table in GitHub repository pimcore/demo prior to 10.3.0. |
| CVE-2023-4453 | | | 0.00 | — | 0.01 | | Aug 21, 2023 | Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8. |
| CVE-2023-38708 | | | 0.00 | — | 0.01 | | Aug 4, 2023 | Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an attacker to overwrite or modify sensitive files by… |
| CVE-2023-3822 | | | 0.00 | — | 0.00 | | Jul 21, 2023 | Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4. |
| CVE-2023-3821 | | | 0.00 | — | 0.00 | | Jul 21, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.6.4. |
| CVE-2023-3820 | | | 0.00 | — | 0.01 | | Jul 21, 2023 | SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4. |
| CVE-2023-3819 | | | 0.00 | — | 0.01 | | Jul 21, 2023 | Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4. |
| CVE-2023-3673 | | | 0.00 | — | 0.01 | | Jul 14, 2023 | SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24. |
| CVE-2023-2984 | | | 0.00 | — | 0.01 | | May 30, 2023 | Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22. |
| CVE-2023-2983 | | | 0.00 | — | 0.01 | | May 30, 2023 | Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23. |
| CVE-2023-2730 | | | 0.00 | — | 0.00 | | May 16, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. |
| CVE-2023-2630 | | | 0.00 | — | 0.01 | | May 10, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. |
| CVE-2023-2616 | | | 0.00 | — | 0.01 | | May 10, 2023 | Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21. |
| CVE-2023-2614 | | | 0.00 | — | 0.01 | | May 10, 2023 | Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21. |
| CVE-2023-2615 | | | 0.00 | — | 0.01 | | May 10, 2023 | Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. |
| CVE-2023-30855 | | | 0.00 | — | 0.01 | | May 8, 2023 | Pimcore is an open source data and experience management platform. Versions of Pimcore prior to 10.5.18 are vulnerable to path traversal. The impact of this path traversal and arbitrary extension is limited to creation of arbitrary files and appending data to existing files.… |