VYPR

UnoPim

by UnoPim

Source repositories

CVEs (7)

  • CVE-2025-55745HigAug 22, 2025
    risk 0.50cvss 8.8epss 0.01

    UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Versions 0.3.0 and prior are vulnerable to CSV injection, also known as formula injection, in the Quick Export feature. This vulnerability allows attackers to inject malicious…

  • CVE-2025-55743HigAug 21, 2025
    risk 0.50cvss 8.8epss 0.00

    UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, the image upload at the user creation feature performs only client side file type validation. A user can capture the request by uploading an image, capture the…

  • CVE-2025-55741HigAug 22, 2025
    risk 0.46cvss 8.1epss 0.00

    UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are unable to delete individual products via the standard endpoint, as expected. However, these…

  • CVE-2025-55742HigAug 21, 2025
    risk 0.45cvss 8.0epss 0.00

    UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, UnoPim contains a stored cross-site scripting vulnerability via SVG MIME/sanitizer bypass in the /admin/settings/users/create endpoint. This vulnerability is fixed…

  • CVE-2024-52305MedNov 13, 2024
    risk 0.35cvss 6.5epss 0.00

    UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG…

  • CVE-2025-55744MedAug 21, 2025
    risk 0.28cvss 4.3epss 0.00

    UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, some of the endpoints of the application is vulnerable to Cross site Request forgery (CSRF). This vulnerability is fixed in 0.2.1.

  • CVE-2024-50637MedNov 6, 2024
    risk 0.28cvss 5.4epss 0.00

    UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function. This allows attackers to perform XSS via an SVG document, which can be used to steal cookies.