Filtered by vendor Pimcore
Subscriptions
Total
141 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-3673 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 7.2 High |
| SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24. | ||||
| CVE-2023-3574 | 1 Pimcore | 2 Customer-data-framework, Customer Management Framework | 2024-11-21 | 6.5 Medium |
| Improper Authorization in GitHub repository pimcore/customer-data-framework prior to 3.4.1. | ||||
| CVE-2023-38708 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 6.3 Medium |
| Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore_log parameter.This can lead to potential denial of service---key file overwrite. The impact of this vulnerability allows attackers to: overwrite or modify sensitive files, potentially leading to unauthorized access, privilege escalation, or disclosure of confidential information. This could also cause a denial of service (DoS) if critical system files are overwritten or deleted. | ||||
| CVE-2023-37280 | 1 Pimcore | 1 Admin Classic Bundle | 2024-11-21 | 5 Medium |
| Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not setup two factor authentication before is vulnerable for this attack, without need for any form of privilege, causing the application to execute arbitrary scripts/HTML content. This vulnerability has been patched in version 1.0.3. | ||||
| CVE-2022-3255 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 4.8 Medium |
| If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can: Perform any action within the application that the user can perform. View any information that the user is able to view. Modify any information that the user is able to modify. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user. | ||||
| CVE-2022-3211 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.6. | ||||
| CVE-2022-2796 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.4. | ||||
| CVE-2022-1429 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 7.5 High |
| SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of steal the data | ||||
| CVE-2022-1351 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4. | ||||
| CVE-2022-1339 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 7.5 High |
| SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data | ||||
| CVE-2022-1219 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 7.5 High |
| SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data | ||||
| CVE-2022-0955 | 1 Pimcore | 1 Data-hub | 2024-11-21 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/data-hub prior to 1.2.4. | ||||
| CVE-2022-0911 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. | ||||
| CVE-2022-0894 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. | ||||
| CVE-2022-0893 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. | ||||
| CVE-2022-0832 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. | ||||
| CVE-2022-0831 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. | ||||
| CVE-2022-0705 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. | ||||
| CVE-2022-0704 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0. | ||||
| CVE-2022-0665 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 6.5 Medium |
| Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2. | ||||