Pimcore
by Pimcore
CVEs (122)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2022-0285 | 0.00 | — | 0.01 | Jan 20, 2022 | Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.9. |
| CVE-2022-0263 | 0.00 | — | 0.01 | Jan 18, 2022 | Unrestricted Upload of File with Dangerous Type in Packagist pimcore/pimcore prior to 10.2.7. |
| CVE-2022-0262 | 0.00 | — | 0.02 | Jan 18, 2022 | Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.7. |
| CVE-2021-4146 | 0.00 | — | 0.01 | Jan 18, 2022 | Business Logic Errors in GitHub repository pimcore/pimcore prior to 10.2.6. |
| CVE-2022-0260 | 0.00 | — | 0.01 | Jan 18, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.7. |
| CVE-2022-0257 | 0.00 | — | 0.01 | Jan 17, 2022 | pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2022-0258 | 0.00 | — | 0.02 | Jan 17, 2022 | pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command |
| CVE-2022-0256 | 0.00 | — | 0.01 | Jan 17, 2022 | pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2021-4139 | 0.00 | — | 0.01 | Dec 21, 2021 | pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2021-4084 | 0.00 | — | 0.02 | Dec 10, 2021 | pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2021-4081 | 0.00 | — | 0.01 | Dec 10, 2021 | pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2021-4082 | 0.00 | — | 0.00 | Dec 10, 2021 | pimcore is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2021-39189 | 0.00 | — | 0.01 | Sep 15, 2021 | Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually. |
| CVE-2021-39170 | 0.00 | — | 0.01 | Sep 1, 2021 | Pimcore is an open source data & experience management platform. Prior to version 10.1.2, an authenticated user could add XSS code as a value of custom metadata on assets. There is a patch for this issue in Pimcore version 10.1.2. As a workaround, users may apply the patch… |
| CVE-2021-39166 | 0.00 | — | 0.01 | Sep 1, 2021 | Pimcore is an open source data & experience management platform. Prior to version 10.1.2, text-values were not properly escaped before printed in the version preview. This allowed XSS by authenticated users with access to the resources. This issue is patched in Pimcore version… |
| CVE-2021-37702 | 0.00 | — | 0.01 | Aug 18, 2021 | Pimcore is an open source data & experience management platform. Prior to version 10.1.1, Data Object CSV import allows formula injection. The problem is patched in 10.1.1. Aside from upgrading, one may apply the patch manually as a workaround. |
| CVE-2021-31869 | 0.00 | — | 0.01 | Aug 4, 2021 | Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injection issue in the specificID variable used by the application. This issue was fixed in version 6.9.4 of the product. |
| CVE-2021-31867 | 0.00 | — | 0.01 | Aug 4, 2021 | Pimcore Customer Data Framework version 3.0.0 and earlier suffers from a Boolean-based blind SQL injection issue in the $id parameter of the SegmentAssignmentController.php component of the application. This issue was fixed in version 3.0.2 of the product. |
| CVE-2020-26246 | 0.00 | — | 0.01 | Dec 3, 2020 | Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions. |
| CVE-2015-4426 | 0.00 | — | 0.02 | Aug 18, 2015 | SQL injection vulnerability in pimcore before build 3473 allows remote attackers to execute arbitrary SQL commands via the filter parameter to admin/asset/grid-proxy. |