Pimcore

by Pimcore

CVEs (122)

  • CVE-2024-29197 (Mar 26, 2024)
    risk 0.00 | cvss | epss 0.01

    Pimcore is an Open Source Data & Experience Management Platform. Any call with the query argument `?pimcore_preview=true` allows viewing unpublished sites. In previous versions of Pimcore, session information would propagate to previews, so only a logged-in user could open a…

  • CVE-2023-49076 (Nov 30, 2023)
    risk 0.00 | cvss | epss 0.00

    Customer-data-framework allows management of customer data within Pimcore. There are no tokens or headers to prevent CSRF attacks from occurring; therefore, an attacker could abuse this vulnerability to create new customers. This issue has been patched in version 4.0.5.

  • CVE-2023-47637 (Nov 15, 2023)
    risk 0.00 | cvss | epss 0.01

    Pimcore is an Open Source Data & Experience Management Platform. In affected versions the `/admin/object/grid-proxy` endpoint calls `getFilterCondition()` on fields of classes to be filtered for, passing input from the request, and later executes the returned SQL. One…

  • CVE-2023-5873 (Oct 31, 2023)
    risk 0.00 | cvss | epss 0.00

    Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0.

  • CVE-2023-5192 (Sep 26, 2023)
    risk 0.00 | cvss | epss 0.01

    Excessive Data Query Operations in a Large Data Table in GitHub repository pimcore/demo prior to 10.3.0.

  • CVE-2023-4453 (Aug 21, 2023)
    risk 0.00 | cvss | epss 0.01

    Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8.

  • CVE-2023-38708 (Aug 4, 2023)
    risk 0.00 | cvss | epss 0.01

    Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an attacker to overwrite or modify sensitive files by…

  • CVE-2023-3822 (Jul 21, 2023)
    risk 0.00 | cvss | epss 0.00

    Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4.

  • CVE-2023-3821 (Jul 21, 2023)
    risk 0.00 | cvss | epss 0.00

    Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.6.4.

  • CVE-2023-3820 (Jul 21, 2023)
    risk 0.00 | cvss | epss 0.01

    SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4.

  • CVE-2023-3819 (Jul 21, 2023)
    risk 0.00 | cvss | epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4.

  • CVE-2023-3673 (Jul 14, 2023)
    risk 0.00 | cvss | epss 0.01

    SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24.

  • CVE-2023-2984 (May 30, 2023)
    risk 0.00 | cvss | epss 0.01

    Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22.

  • CVE-2023-2983 (May 30, 2023)
    risk 0.00 | cvss | epss 0.01

    Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23.

  • CVE-2023-2730 (May 16, 2023)
    risk 0.00 | cvss | epss 0.00

    Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.

  • CVE-2023-2630 (May 10, 2023)
    risk 0.00 | cvss | epss 0.01

    Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.

  • CVE-2023-2616 (May 10, 2023)
    risk 0.00 | cvss | epss 0.01

    Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.

  • CVE-2023-2614 (May 10, 2023)
    risk 0.00 | cvss | epss 0.01

    Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.

  • CVE-2023-2615 (May 10, 2023)
    risk 0.00 | cvss | epss 0.01

    Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.

  • CVE-2023-30855 (May 8, 2023)
    risk 0.00 | cvss | epss 0.01

    Pimcore is an open source data and experience management platform. Versions of Pimcore prior to 10.5.18 are vulnerable to path traversal. The impact of this path traversal and arbitrary extension is limited to creation of arbitrary files and appending data to existing files.…
