Filtered by vendor Pimcore Subscriptions

Search

Switch to Advanced Search (Beta)
Total 141 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-3819 1 Pimcore 1 Pimcore 2024-11-21 6.5 Medium
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4.
CVE-2023-3673 1 Pimcore 1 Pimcore 2024-11-21 7.2 High
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24.
CVE-2023-3574 1 Pimcore 2 Customer-data-framework, Customer Management Framework 2024-11-21 6.5 Medium
Improper Authorization in GitHub repository pimcore/customer-data-framework prior to 3.4.1.
CVE-2023-38708 1 Pimcore 1 Pimcore 2024-11-21 6.3 Medium
Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore_log parameter.This can lead to potential denial of service---key file overwrite. The impact of this vulnerability allows attackers to: overwrite or modify sensitive files, potentially leading to unauthorized access, privilege escalation, or disclosure of confidential information. This could also cause a denial of service (DoS) if critical system files are overwritten or deleted.
CVE-2023-37280 1 Pimcore 1 Admin Classic Bundle 2024-11-21 5 Medium
Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not setup two factor authentication before is vulnerable for this attack, without need for any form of privilege, causing the application to execute arbitrary scripts/HTML content. This vulnerability has been patched in version 1.0.3.
CVE-2022-3211 1 Pimcore 1 Pimcore 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.6.
CVE-2022-2796 1 Pimcore 1 Pimcore 2024-11-21 4.8 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.4.
CVE-2022-1429 1 Pimcore 1 Pimcore 2024-11-21 7.5 High
SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of steal the data
CVE-2022-1351 1 Pimcore 1 Pimcore 2024-11-21 5.4 Medium
Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4.
CVE-2022-1339 1 Pimcore 1 Pimcore 2024-11-21 7.5 High
SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data
CVE-2022-1219 1 Pimcore 1 Pimcore 2024-11-21 7.5 High
SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data
CVE-2022-0955 1 Pimcore 1 Data-hub 2024-11-21 4.8 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/data-hub prior to 1.2.4.
CVE-2022-0911 1 Pimcore 1 Pimcore 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
CVE-2022-0894 1 Pimcore 1 Pimcore 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
CVE-2022-0893 1 Pimcore 1 Pimcore 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
CVE-2022-0832 1 Pimcore 1 Pimcore 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.
CVE-2022-0831 1 Pimcore 1 Pimcore 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.
CVE-2022-0705 1 Pimcore 1 Pimcore 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
CVE-2022-0704 1 Pimcore 1 Pimcore 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
CVE-2022-0665 1 Pimcore 1 Pimcore 2024-11-21 6.5 Medium
Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2.